US20210144551A1 - Method and apparatus for discussing digital certificate by esim terminal and server - Google Patents
Method and apparatus for discussing digital certificate by esim terminal and server Download PDFInfo
- Publication number
- US20210144551A1 US20210144551A1 US16/622,009 US201816622009A US2021144551A1 US 20210144551 A1 US20210144551 A1 US 20210144551A1 US 201816622009 A US201816622009 A US 201816622009A US 2021144551 A1 US2021144551 A1 US 2021144551A1
- Authority
- US
- United States
- Prior art keywords
- public key
- key identifier
- uicc
- terminal
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 238000004891 communication Methods 0.000 claims abstract description 54
- 230000004044 response Effects 0.000 claims description 38
- 230000004913 activation Effects 0.000 claims description 8
- 238000005516 engineering process Methods 0.000 abstract description 22
- 238000012546 transfer Methods 0.000 abstract description 5
- 230000036541 health Effects 0.000 abstract description 2
- 238000010295 mobile communication Methods 0.000 description 23
- 230000006870 function Effects 0.000 description 20
- 238000010586 diagram Methods 0.000 description 14
- 238000003860 storage Methods 0.000 description 12
- 238000012545 processing Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 7
- 238000012795 verification Methods 0.000 description 7
- 230000000977 initiatory effect Effects 0.000 description 6
- 238000004590 computer program Methods 0.000 description 4
- 238000009434 installation Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000002360 preparation method Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 229920000379 polypropylene carbonate Polymers 0.000 description 1
- 238000002300 pressure perturbation calorimetry Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
Definitions
- the disclosure relates to a method and an apparatus for downloading and installing communication services by a terminal, thereby establishing a communication connection in a communication system.
- the disclosure also relates to a method and an apparatus for downloading, installing, and managing a profile online in a communication system.
- the 5G communication system or the pre-5G communication system is called a beyond 4G network communication system or a post LTE system.
- an implementation of the 5G communication system in a mmWave band (for example, 60 GHz band) is being considered.
- technologies such as beamforming, massive MIMO, Full Dimensional MIMO (FD-MIMO), array antenna, analog beam-forming, and large scale antenna are being discussed as means to mitigate a propagation path loss in the mm Wave band and increase a propagation transmission distance.
- FD-MIMO Full Dimensional MIMO
- array antenna analog beam-forming
- large scale antenna are being discussed as means to mitigate a propagation path loss in the mm Wave band and increase a propagation transmission distance.
- the 5G communication system has developed technologies such as an evolved small cell, an advanced small cell, a cloud Radio Access Network (RAN), an ultra-dense network, Device to Device communication (D2D), a wireless backhaul, a moving network, cooperative communication, Coordinated Multi-Points (CoMP), and received interference cancellation to improve the system network.
- technologies such as an evolved small cell, an advanced small cell, a cloud Radio Access Network (RAN), an ultra-dense network, Device to Device communication (D2D), a wireless backhaul, a moving network, cooperative communication, Coordinated Multi-Points (CoMP), and received interference cancellation to improve the system network.
- technologies such as an evolved small cell, an advanced small cell, a cloud Radio Access Network (RAN), an ultra-dense network, Device to Device communication (D2D), a wireless backhaul, a moving network, cooperative communication, Coordinated Multi-Points (CoMP), and received interference cancellation to improve the system network.
- RAN Radio Access Network
- D2D Device to Device communication
- CoMP Coordinat
- the 5G system has developed Advanced Coding Modulation (ACM) schemes such as Hybrid FSK and QAM Modulation (FQAM) and Sliding Window Superposition Coding (SWSC), and advanced access technologies such as Filter Bank Multi Carrier (FBMC), Non Orthogonal Multiple Access (NOMA), and Sparse Code Multiple Access (SCMA).
- ACM Advanced Coding Modulation
- FQAM Hybrid FSK and QAM Modulation
- SWSC Sliding Window Superposition Coding
- FBMC Filter Bank Multi Carrier
- NOMA Non Orthogonal Multiple Access
- SCMA Sparse Code Multiple Access
- IoT Internet of Things
- M2M Machine-to-Machine
- MTC Machine-Type Communication
- an intelligent Internet Technology (IT) service to create a new value for peoples' lives may be provided.
- the IoT may be applied to fields such as those of a smart home, a smart building, a smart city, a smart car, a connected car, a smart grid, health care, a smart home appliance, or high-tech medical services through the convergence of the conventional Information Technology (IT) and various industries.
- IT Information Technology
- 5G communication to the IoT network
- technologies such as a sensor network, machine-to-machine (M2M) communication, machine type communication (MTC), and the like
- 5G communication techniques such as beamforming, MIMO, array antennas, and the like.
- the application of a cloud RAN as the big data processing technology may be an example of convergence of the 5G technology and the IoT technology.
- a universal integrated circuit card is a smart card that is inserted into a mobile terminal and the like for use and is also called a “UICC”.
- the UICC may include an access control module for accessing a mobile communication provider's network. Examples of the access control module include a universal subscriber identity module (USIM), a subscriber identity module (SIM), an IP multimedia service identity module (ISIM), and the like.
- a UICC including a USIM is commonly called a “USIM card”.
- a UICC including a SIM module is commonly called a “SIM card”.
- SIM card will be used as a typical meaning encompassing a UICC, a USIM card, a UICC including an ISIM, and the like. That is, although a description is made of the SIM card, techniques thereof may be equally applied to a USIM card, an ISIM card, or a general UICC.
- the SIM card stores personal information of a mobile communication subscriber and performs subscriber authentication and producing a traffic security key when accessing a mobile communication network, thereby enabling secure usage of mobile communication.
- the SIM card is generally manufactured as a dedicated card to a specific mobile communication provider at the request of the corresponding provider when manufacturing the card, and authentication information of the corresponding provider for network access, such as a universal subscriber identity module (USIM) application, an international mobile subscriber identity (IMSI), a K value, an OPc value, and the like, are prerecorded in the card to then be provided. Therefore, the manufactured SIM card is supplied to the corresponding mobile communication provider, and the mobile communication provider provides the SIM card to the subscriber. Thereafter, if necessary, it is possible to perform management of installation, modification, and deletion of an application with respect to the UICC using technology such as over-the-air (OTA) or the like.
- OTA over-the-air
- the subscriber may insert the UICC into a mobile terminal owned by the subscriber, thereby using the network and application services of the corresponding mobile communication provider.
- the subscriber may take out the UICC from the existing terminal and insert the same into a new terminal, thereby using authentication information, a mobile phone number, personal phone books, and the like without any change.
- the SIM card is inconvenient for the user of the mobile terminal when receiving services from other mobile communication providers.
- the user of the mobile terminal must physically acquire a SIM card in order to receive services from a mobile communication provider. For example, if the user travels to another country, the user must acquire a local SIM card in order to receive local mobile communication services.
- a roaming service solves the above inconvenience to some extent, a service charge of the roaming service is very high, and the roaming service requires a separate contract between the mobile communication providers.
- a SIM module is able to be remotely downloaded and installed in the UICC, most of the inconveniences may be eliminated. That is, the user may download, to the UICC, a SIM module of the mobile communication services to be used at the time desired by the user.
- the UICC may download and install a plurality of SIM modules, and may select and use only one of the SIM modules.
- the UICC may or may not be fixed to the terminal.
- a UICC fixed to a terminal is called an “embedded UICC (eUICC)”.
- eUICC embedded UICC
- the eUICC denotes a UICC that is fixed to a terminal and may select a SIM module by remotely downloading the same.
- a UICC capable of remotely downloading and selecting the SIM module will be collectively referred to as an “eUICC”. That is, among the UICCs capable of remotely downloading and selecting the SIM module, the UICC that is or is not fixed to the terminal will be collectively referred to as an “eUICC”. In addition, SIM module information to be downloaded will be collectively referred to as an “eUICC profile”.
- a method for performing an authentication procedure by a terminal in a wireless communication system may include: acquiring public key identifiers of a specific certificate issuer (CI); identifying public key identifiers supported by a universal integrated circuit card (UICC) of the terminal; determining a public key identifier belonging to the acquired public key identifiers, among the public key identifiers supported by the UICC of the terminal; and transmitting an authentication request message containing the determined public key identifier to a server (e.g., a profile management server SM+DP ⁇ ).
- a server e.g., a profile management server SM+DP ⁇
- the identifying may include comparing the acquired public key identifiers with UICC information cached in the terminal or receiving information about the public key identifier supported by the UICC and comparing the same with the acquired public key identifiers, and public key identifiers that are not included in the acquired public key identifiers may be excluded from the public key identifiers supported by the UICC, thereby limiting the public key identifiers used in the authentication procedure.
- the acquiring may include acquiring the public key identifier of the specific CI by receiving a user input with respect to the terminal, retrieving information stored in the UICC, retrieving an activation code, retrieving a command code, receiving the same from a profile-related server, or retrieving a profile installed in the UICC.
- the method may further include receiving an authentication response message containing a public key identifier to be used by the UICC from the server, and if the public key identifier to be used by the UICC, which is included in the authentication response message, is different from the acquired public key identifiers, if the public key identifier to be used by the UICC is not supported by the UICC, if the UICC does not support the acquired public key identifiers, or if there is no public key identifier belonging to the acquired public key identifiers, among public key identifiers supported by the UICC, the authentication procedure may be terminated.
- a terminal may include: a transceiver configured to transmit and receive a signal; and a controller configured to acquire public key identifiers of a specific certificate issuer (CI), identify public key identifiers supported by a universal integrated circuit card (UICC) of the terminal, determine a public key identifier belonging to the acquired public key identifiers, among the public key identifiers supported by the UICC of the terminal, transmit an authentication request message containing the determined public key identifier to a server, and verify a public key identifier to be used by the UICC, which is contained in an authentication response message transmitted by the server.
- CI public key identifiers of a specific certificate issuer
- UICC universal integrated circuit card
- a method may include: receiving an authentication request message containing a public key identifier from a terminal; and transmitting, to the terminal, an authentication response message containing a public key identifier to be used by a universal integrated circuit card (UICC) of the terminal, wherein the public key identifier contained in the authentication request message may belong to public key identifiers pre-acquired by the terminal, among public key identifiers supported by the UICC of the terminal.
- UICC universal integrated circuit card
- a server may include: a transceiver configured to transmit and receive a signal; and a controller configured to receive an authentication request message containing a public key identifier from a terminal and transmit, to the terminal, an authentication response message containing a public key identifier to be used by a universal integrated circuit card (UICC) of the terminal, wherein the public key identifier contained in the authentication request message may belong to public key identifiers pre-acquired by the terminal, among public key identifiers supported by the UICC of the terminal.
- UICC universal integrated circuit card
- the terminal can inform the profile management server (SM-DP+) of digital certificate issuer information trusted by the terminal, and can receive a digital certificate issued by a digital certificate issuer that the terminal trusts from the profile management server (SM-DP+) in a communication system. Accordingly, the terminal and the profile management server (SM-DP+) can reduce the security threat during a mutual authentication process using a digital certificate issued by a specific digital certificate issuer during the mutual authentication.
- SM-DP+ profile management server
- FIG. 1 is a diagram illustrating a method in which a terminal connects to a mobile communication network using a UICC equipped with a fixed profile.
- FIG. 2 is a diagram illustrating an example of a certificate hierarchy for certificates issued by a specific certificate issuer.
- FIG. 3 is a diagram illustrating a mutual authentication procedure between a server and a terminal.
- FIG. 4 is a diagram illustrating a procedure of discussing a certificate to be used during a mutual authentication procedure between a server and a terminal according to an embodiment.
- FIG. 5 is a diagram illustrating a procedure for selecting a certificate to be suggested by a terminal to be used for a mutual authentication procedure to a server according to an embodiment.
- FIG. 6 is a diagram illustrating the structure of a terminal according to an embodiment of the disclosure.
- FIG. 7 is a diagram illustrating the structure of a server according to an embodiment of the disclosure.
- each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations can be implemented by computer program instructions.
- These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks.
- These computer program instructions may also be stored in a computer usable or computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks.
- the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
- each block of the flowchart illustrations may represent a module, segment, or portion of code, which includes one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
- the “unit” refers to a software element or a hardware element, such as a Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC), which performs a predetermined function.
- FPGA Field Programmable Gate Array
- ASIC Application Specific Integrated Circuit
- the “unit” does not always have a meaning limited to software or hardware.
- the “unit” may be constructed either to be stored in an addressable storage medium or to execute one or more processors. Therefore, the “unit” includes, for example, software elements, object-oriented software elements, class elements or task elements, processes, functions, properties, procedures, sub-routines, segments of a program code, drivers, firmware, micro-codes, circuits, data, database, data structures, tables, arrays, and parameters.
- the elements and functions provided by the “unit” may be either combined into a smaller number of elements, “unit” or divided into a larger number of elements, “unit”. Moreover, the elements and “units” may be implemented to reproduce one or more CPUs within a device or a security multimedia card. Also, in an embodiment, the ‘ ⁇ unit’ may include one or more processors.
- a UICC is a smart card inserted and used in a mobile terminal and denotes a chip that stores personal information, such as network access authentication information of a mobile communication subscriber, phone books, and SMS, and performs subscriber authentication and traffic security key generation when accessing a mobile communication network, such as GSM, WCDMA, LTE, or the like, thereby enabling secure mobile communication usage.
- the UICC may be equipped with communication applications, such as a subscriber identification module (SIM), a universal SIM (USIM), IP multimedia SIM (ISIM), or the like, according to the type of mobile communication network accessed by the subscriber, and may provide a higher level security function for employing various applications such as an electronic wallet, ticketing, an electronic passport, and the like.
- an embedded UICC is a security module in the form of a chip embedded in a terminal, which cannot be inserted into and cannot be removed from the terminal.
- the eUICC may download and install a profile using over-the-air (OTA) technology.
- OTA over-the-air
- the eUICC may be referred to as a “UICC capable of downloading and installing a profile”.
- a method of downloading and installing a profile in the eUICC using the OTA technology may also be applied to a detachable UICC that can be inserted into and removed from the terminal. That is, the embodiments of the disclosure may be applied to a UICC capable of downloading and installing a profile using the OTA technology.
- UICC may be used interchangeably with “SIM”
- eUICC may be used interchangeably with “eSIM”.
- a profile may denote a package of an application, a file system, an authentication key value, and the like, which are stored in the UICC, in a software form.
- a USIM Profile may have the same meaning as the profile, or may denote a package of information included in the USIM application in the profile in a software form.
- a profile provision server may have a function of producing a profile, encrypting the produced profile, producing a remote profile management instruction, or encrypting the produced remote profile management instruction, and may be referred to as a “subscription manager data preparation (SM-DP)”, a “subscription manager data preparation plus (SM-DP+)”, an “off-card entity of profile domain”, a “profile encryption server”, a “profile producing server”, a “profile provisioner (PP)”, a “profile provider”, or a “profile provisioning credentials (PPC) holder”.
- SM-DP subscription manager data preparation
- SM-DP+ subscription manager data preparation plus
- PPC profile provisioning credentials
- a profile management server may be referred to as a “subscription manager secure routing (SM-SR)”, a “subscription manager secure routing plus (SM-SR+)”, an “off-card entity of eUICC profile manager”, a “profile management credentials (PMC) holder”, or an “eUICC manager (EM)”.
- SM-SR subscription manager secure routing
- PMC profile management credentials
- EM eUICC manager
- the profile provision server may encompass the functions of the profile management server. Therefore, in various embodiments of the disclosure, that is, in the following description, the operation of the profile provision server may also be performed by the profile management server. Likewise, the operation of the profile management server or the SM-SR may also be performed by the profile provision server.
- terminal as used herein may be referred to as a “mobile station (MS)”, “user equipment (UE)”, a “user terminal (UT)”, a “wireless terminal”, an “access terminal (AT)”, a “terminal”, a “subscriber unit”, a “subscriber station (SS)”, a “wireless device”, a “wireless communication device”, a “wireless transmit/receive unit (WTRU)”, a “mobile node”, “mobile”, or other terms.
- the terminal may include a cellular phone, a smartphone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device, such as a digital camera, having a wireless communication function, a gaming device having a wireless communication function, home appliances for music storage and playback having a wireless communication function, Internet home appliances capable of wireless Internet access and browsing, a portable unit employing combinations of the above functions, or terminals thereof.
- the terminal may include a machine-to-machine (M2M) terminal or a machine type communication (MTC) terminal/device, but is not limited thereto.
- M2M machine-to-machine
- MTC machine type communication
- the electronic device may include an embedded UICC capable of downloading and installing a profile.
- a UICC physically separated from the electronic device may be inserted into the electronic device, thereby connecting to the electronic device.
- the UICC in the form of a card may be inserted into the electronic device.
- the electronic device may include the terminal, and in this case, the terminal may be a terminal including a UICC capable of downloading and installing a profile.
- the UICC may be embedded in the terminal, and in the case where the terminal and the UICC are separate from each other, the UICC may be inserted into the terminal to then be connected to the terminal.
- the UICC capable of downloading and installing a profile may be called, for example, an “eUICC”.
- the terminal or the electronic device may include software or an application installed in the terminal or the electronic device so as to control the UICC or the eUICC.
- the software or the application may, for example, be referred to as a “local profile assistant (LPA)”.
- LPA local profile assistant
- a profile identifier may be referred to as a “profile ID”, an “integrated circuit card ID (ICCID)”, a “matching ID”, an “event identifier (ID)”, an “activation code”, an “activation code token”, or a “factor matching ISD-P or a profile domain (PD)”.
- the profile ID may indicate a unique identifier of each profile.
- the profile identifier may include an address of a profile provision server (SM-DP+) capable of indexing profiles.
- SM-DP+ profile provision server
- an eUICC identifier may be a unique identifier of the eUICC embedded in the terminal, and may be referred to as an “EID”.
- the eUICC identifier may be a profile ID of the corresponding provisioning profile.
- the eUICC identifier may be a terminal ID.
- the eUICC identifier may denote a specific secure domain of the eUICC chip.
- a profile container may be referred to as a “profile domain”.
- the profile container may be a security domain.
- an application protocol data unit may be a message by which the terminal interworks with the eUICC.
- the APDU may be a message by which a PP or a PM interworks with the eUICC.
- profile provisioning credentials may be a means used in mutual authentication, profile encryption, and signature between the profile provision server and the eUICC.
- the PPC may include at least one of a symmetric key, a Rivest Shamir Adleman (RSA) certificate and a private key, an elliptic curved cryptography (ECC) certificate and a private key, a root certification authority (CA), and a certificate chain.
- RSA Rivest Shamir Adleman
- ECC elliptic curved cryptography
- CA root certification authority
- certificate chain a certificate chain.
- different PPCs may be stored in the eUICC or used for the respective profile provision servers.
- profile management credentials may be a means used in mutual authentication, transmission data encryption, and signature between the profile management server and the eUICC.
- the PMC may include at least one of a symmetric key, an RSA certificate and a private key, an ECC certificate and a private key, a root CA, and a certificate chain.
- different PMCs may be stored in the eUICC or used for the respective profile management servers.
- an AID may be an application identifier. This value may be an identifier for distinguishing between different applications in the eUICC.
- an event may denote profile download, remote profile management, or management/processing instructions of other profiles or the eUICC.
- Profile download may be used interchangeably with “profile installation”.
- an event type may be used to indicate whether a specific event is profile download, remote profile management, or a management/processing command of other profiles or the eUICC, and may be referred to as an “operation type (or operationtype)”, an “operation class (or operationclass)”, an “event request type”, an “event class”, an “event request class”, or the like.
- a “profile package” may be used interchangeably with a “profile”, or may be used as a term indicating a data object of a specific profile, and may be referred to as a “profile TLV” or a “profile package TLV”.
- the profile package may be referred to as a “protected profile package (PPP)” or a “protected profile package TLV (PPP TLV)”.
- PPP protected profile package
- PPP TLV protected profile package
- the profile package may be referred to as a “bound profile package (BPP)” or a “bound profile package TLV (BPP TLV)”.
- the profile package TLV may be a data set representing information constituting the profile in a TLV (tag, length, and value) format.
- remote profile management may be referred to as “remote profile management”, “remote management”, a “remote management command”, a “remote command”, a “remote profile management (RPM) package”, a “remote profile management package”, a “remote management package”, a “remote management command package”, or a “remote command package”.
- the RPM may be used to change the status of a specific profile (enabled, disabled, or deleted) or update the content of a specific profile (e.g., a profile nickname, profile metadata, or the like).
- the RPM may include one or more remote management commands, and in this case, the profiles, which are targets of the respective remote management commands, may be the same or different depending on the remote management commands.
- a certificate or a digital certificate may denote a digital certificate used for mutual authentication based on an asymmetric key including a pair of a public key (PK) and a secret key (SK).
- Each certificate may include one or more public keys (PKs), public key identifiers (PKIDs) corresponding to the respective public keys, an identifier of a certificate issuer (CI) who issued the certificate (a certificate issuer ID), and a digital signature thereof.
- the certificate issuer may be referred to as a “certification issuer”, a “certificate authority (CA)”, a “certification authority”, or the like.
- the public key (PK) and the public key ID (PKID) may denote a specific public key or a certificate containing the corresponding public key, a portion of a specific public key or a portion of a certificate containing the corresponding public key, an operation result value of a specific public key (e.g., hash) or an operation result value of a certificate containing the corresponding public key (e.g., hash), an operation result value of a portion of a specific public key (e.g., hash) or an operation result value of a portion of a certificate containing the corresponding public key (e.g., hash), or a storage space storing the above data, and may be used interchangeably therewith.
- the correlation of the certificates may be referred to as a “certificate chain” or a “certificate hierarchy”.
- the CI certificate used in initial certificate issuance may be referred to as a “root of certificate”, a “highest certificate”, a “root CI”, a “root CI certificate, a “root CA”, a “root CA certificate”, or the like.
- AKA may indicate authentication and key agreement, and may represent an authentication algorithm for accessing 3GPP and 3GPP2 networks.
- K is an encryption key value stored in the eUICC, which is used in the AKA authentication algorithm.
- Oc is a parameter value that may be stored in the eUICC, which is used in the AKA authentication algorithm.
- an “NAA” is a network access application, and may be an application program such as USIM or ISIM stored in the UICC and accessing a network.
- the NAA may be a network access module.
- FIG. 1 is a diagram 100 illustrating a method of connecting a terminal to a mobile communication network using a UICC equipped with a profile fixed to the terminal.
- a UICC 120 may be inserted into a terminal 110 .
- the UICC may be detachable, or may be embedded in the terminal.
- the fixed profile of the UICC equipped with the fixed profile denotes that “access information” for accessing a specific communication provider is fixed.
- the access information may be, for example, an IMSI, which is a subscriber identifier, and a value “K” or “Ki” necessary for authentication in access to the network together with the subscriber identifier.
- the terminal may perform authentication with an authentication processing system ⁇ e.g., a home location register (HLR) or AuC) of a mobile communication provider using the UICC.
- the authentication process may be an authentication and key agreement (AKA) process. If authentication is successful, the terminal may use mobile communication services, such as a phone call or usage of mobile data using the mobile communication network 130 of the mobile communication system.
- FIG. 2 is a diagram 200 illustrating an example of a hierarchy of certificate (or a certificate chain) issued by a certificate issuer (CI) and an example of configuration of a public key and a digital signature of a certificate issuer (CI), which are included in each certificate.
- CI certificate issuer
- the certificate issuer may produce a public key and a secret key to be used by the certificate issuer, may produce a certificate issuer (CI) certificate 211 by including the public key 213 , among the above keys, in its own certificate, and may attach, to the certificate, a digital signature 215 produced using its own secret key with respect to the certificate.
- the CI certificate 211 may be used to issue a certificate 231 of Object 1 (see 291 ).
- Object 1 may be, for example, a profile management server (SM-DP+).
- Object 1 may produce a public key and a secret key to be used by itself, may produce a certificate 231 of Object 1 by including the public key 233 , among the keys, in its own certificate, and may make a request to the certificate issuer, thereby receiving certificate issuer (CI) digital signature 235 using the certificate issuer (CI) secret key.
- CI certificate issuer
- the certificate 231 of Object 1 may include a certificate issuer (CI) public key identifier (ID) (CI PKID) 237 corresponding to the certificate issuer (CI) public key 213 , which is to be used when checking the certificate issuer signature 235 contained in the corresponding certificate.
- CI certificate issuer
- ID public key identifier
- CI PKID certificate issuer
- the CI certificate 211 may be used to issue a certificate 251 of Object 2 (see 293 ).
- Object 2 may be, for example, an eUICC manufacturer (EUM).
- EUM eUICC manufacturer
- Object 2 may produce a public key and a secret key to be used by itself, may produce a certificate 251 of Object 2 by including the public key 253 , among the above keys, in its own certificate, and may make a request to the certificate issuer, thereby receiving a certificate issuer (CI) digital signature 255 using the certificate issuer (CI) secret key.
- CI certificate issuer
- the certificate 251 of Object 2 may include a certificate issuer (CI) public key identifier (ID) (CI PKID) 237 corresponding to the certificate issuer (CI) public key 213 , which is to be used when checking the certificate issuer signature 255 included in the corresponding certificate.
- the certificate issuer signatures 235 and 255 contained in the certificate 231 of Object 1 and the certificate 251 of Object 2 may have different values from each other, but the certificate issuer public key identifiers (CI PKIDs) 237 have the same value.
- the certificate 251 of Object 2 may be used to issue a certificate 271 of Object 3 (see 295 ).
- Object 3 may be, for example, an eUICC manufactured by an eUICC manufacturer (EUM).
- Object 3 may produce a public key and a secret key to be used by itself, may produce a certificate 251 of Object 3 by including the public key 273 , among the above keys, in its own certificate, and may make a request to Object 2 , thereby receiving a digital signature 275 of Object 2 using the secret key of Object 2 .
- the certificate 271 of Object 3 may include a public key identifier (ID) (CI PKID) 277 corresponding to the public key 253 of Object 2 , which is to be used when checking the signature 275 of Object 2 contained in the corresponding certificate.
- ID public key identifier
- the certificate 231 of Object 1 , the certificate 251 of Object 2 , and the certificate 271 of Object 3 illustrated in the example of FIG. 2 all have the same CI certificate 211 as the highest certificate or the root of certificate. Therefore, Object 1 , Object 2 , and Object 3 require the CI certificate 211 or the CI public key 213 contained therein in order to authenticate each other. More specifically, in the example of FIG.
- Object 1 requires the signature of Object 2 , the certificate 251 of Object 2 , and the CI public key 213
- Object 2 requires the signature of Object 1 , the certificate 231 of Object 1 , and the CI public key 213 .
- Object 1 requires the signature of Object 3 , the certificate 271 of Object 3 , the certificate 251 of Object 2 , and the CI public key 213
- Object 3 requires the signature of Object 1 , the certificate 231 of Object 1 , and the CI public key 213
- the certificate 251 of Object 2 with respect to the certificate 271 of Object 3 may be referred to as a “sub-certificate issuer (sub CI) certificate” or a “sub-certificate authority (sub CA) certificate”.
- FIG. 3 is a diagram 300 illustrating a mutual authentication procedure between a server 310 and a terminal 350 .
- the server 310 may be, for example, a profile management server (SM-DP+) or a service discovery server (SM-DS).
- the terminal 350 may include software for controlling an eUICC ⁇ local profile assistant (LPA) ⁇ 320 and an eUICC 330 .
- LPA local profile assistant
- each of the server 310 , the LPA 320 , and the eUICC 330 may store one or more digital certificates.
- the LPA 320 may check a list of all CI public keys (CI PKIDs) supported by the eUICC 330 in step 3003 . More specifically, in step 3003 , the LPA 320 and the eUICC 330 may identify eUICC information using an eUICC information request (Get eUICC Info request) message and an eUICC information response (Get eUICC Info response) message.
- the eUICC information response message may include eUICC information, which is referred to as “euiccInfo1”, “euiccInfo”, or the like.
- the eUICC information may include a list of all CI PKIDs supported by the eUICC 330 .
- the LPA 320 and the server 310 may estimate a TLS connection.
- the TLS connection in step 3005 may be performed using a server authentication method, among TLS connection methods, in which the LPA 320 verifies the identity of the server 310 .
- the server 310 may submit a TLS certificate to the LPA 320 .
- the LPA 320 or the terminal 350 may store one or more CI PKIDs for validating the TLS certificate.
- the server 310 may submit one or more sub-CI certificates to the LPA 320 together with the TLS certificate in step 3005 . After the TLS connection is established, all messages between the LPA 320 and the server 310 may be protected by the TLS security procedure.
- the LPA 320 may make a request to the server 310 for initiating mutual authentication.
- the initiation of mutual authentication may be performed using an initiate authentication request message.
- the initiate authentication request message in step 3007 may include all CI PKIDs supported by the eUICC 330 , based on the information (euiccInfo1) of the eUICC 330 identified by the LPA 320 in step 3003 .
- the server 310 may respond to the LPA 320 with initiation of the mutual authentication.
- the mutual authentication response may use an initiate authentication response message.
- the initiate authentication response message in step 3009 may include one CI PKID selected from the list of CI PKIDs included in the information (euiccInfo1) of the eUICC 330 received by the server 310 in step 3007 , a server certificate capable of verifying the validity using the corresponding CI PKID, and a digital signature of the server 310 capable of verifying the validity using the corresponding server certificate.
- the CI PKID selected by the server 310 may be referred to as an “eUICC CI PKID to be used by the eUICC”.
- the initiate authentication response message in step 3009 may include one or more sub-CI certificates together with the server certificate.
- the certificate of the server 310 transmitted in step 3007 may be different from the TLS certificate of the server 310 transmitted in step 3005 .
- the CI that issues the certificate of the server 310 transmitted in step 3007 and the CI that issues the TLS certificate of the server 310 transmitted in step 3005 may be the same or different.
- the LPA 320 may make a request to the eUICC 330 for authentication of the server.
- the authentication request may be performed using an authenticate server request message.
- the authenticate server request message in step 3011 like the message received by the LPA 320 in step 3009 , may include a CI PKID that the server selects and transmits, a server certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, and a digital signature of the server 310 capable of verifying the validity using the server certificate.
- the authenticate server request message in step 3011 is information additionally produced by the LPA 320 , and may include information about the operation type that the terminal intends to perform.
- the eUICC 330 may transmit a server authentication result to the LPA 320 in reply.
- the authentication result may be transmitted using an authenticate server response message.
- the authenticate server response message in step 3013 may include a validity verification result with respect to the digital signature of the server 310 received by the eUICC 320 in step 3011 , a CI PKID that the server 310 selects and transmits, an eUICC certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, a digital signature of the eUICC 330 capable of verifying the validity using the eUICC certificate, and information about the operation type that the terminal intends to perform.
- the LPA 320 may make a request to the server 310 for authentication of the terminal.
- the authentication request of the terminal may be performed using an authenticate client request message.
- the authenticate client request message in step 3015 may include information received by the LPA 320 from the eUICC 330 in step 3013 .
- the server 310 may transmit an authentication result of the terminal in reply.
- the authentication result may be transmitted using an authenticate client response message.
- the authenticate client response message in step 3017 may include a validity verification result with respect to the digital signature of the eUICC 330 received by the server 310 in step 3015 and the information on an event or event summary corresponding to the operation type to be performed by the terminal 350 .
- the terminal 350 may install a profile or perform remote management of a profile according to the content of the event received in step 3017 .
- the terminal 350 verifies the server certificate using all CI PKIDs pre-stored in the eUICC 330 , it is difficult to limit a connection to the server 310 having a server certificate belonging to a certificate hierarchy of a specific CI certificate.
- FIG. 4 is a diagram 400 illustrating a procedure of identifying a server 310 having a server certificate belonging to a certificate hierarchy of a specific CI certificate when performing mutual authentication between the server 310 and a terminal 350 according to an embodiment of the disclosure.
- a description of the server 310 , the LPA 320 , the eUICC 330 , and the terminal 350 refers to the description made with reference to FIG. 3 .
- the LPA 320 may acquire public key identifier (CI PKID) information of the corresponding CI certificate in step 4001 .
- the LPA 320 may acquire the corresponding CI PKID information by the following methods, but the method is not necessarily limited thereto.
- the LPA 320 may check whether or not the eUICC 330 is able to support the corresponding CI PKID in relation to the CI PKID information acquired in step 4001 .
- the operation of the terminal 350 in step 4003 will be described in more detail with reference to FIG. 5 .
- the LPA 320 and the server 310 may perform a TLS connection.
- the TLS connection in step 4005 may be performed using a server authentication method in which the LPA 320 identifies the identity of the server 310 , among TLS connection methods.
- the server 310 may submit a TLS certificate to the LPA 320 .
- the LPA 320 or the terminal 350 may include one or more CI PKIDs for verifying the validity of the TLS certificate.
- the server 310 may submit one or more sub-CI certificates to the LPA 320 together with the TLS certificate in step 4005 .
- the terminal 350 may further check whether or not it is possible to verify the certificate of the TLS certificate and the sub-CI certificates, which are submitted by the server, using the CI PKID identified in step 4001 . After the TLS connection is established, all messages between the LPA 320 and the server 310 may be protected by the TLS security procedure.
- the LPA 320 may make a request to the server 310 for initiating mutual authentication.
- the initiation of mutual authentication may be performed using an initiate authentication request message.
- the initiate authentication request message in step 4007 may include a CI PKID that the LPA 320 acquires in step 4001 .
- the initiate authentication request message in step 4007 compared with step 3007 described in FIG. 3 , may include a CI PKID that is identified to be supported by the eUICC through the eUICC in step 4003 .
- the server 310 may respond to the LPA 320 with initiation of mutual authentication.
- the mutual authentication response may be performed using an initiate authentication response message.
- the initiate authentication response message in step 4009 may include the CI PKID received by the server 310 in step 4007 , a server certificate capable of verifying the validity using the corresponding CI PKID, and a digital signature of the server 310 capable of verifying the validity using the corresponding server certificate.
- the transmitted CI PKID may be referred to as an “eUICC CI PKID to be used by the eUICC”.
- the initiate authentication response message in step 4009 may include one or more sub-CI certificates together with the server certificate.
- the certificate of the server 310 transmitted in step 4009 may be different from the TLS certificate of the server 310 transmitted in step 4005 .
- the CI that issues the certificate of the server 310 transmitted in step 4009 and the CI that issues the TLS certificate of the server 310 transmitted in step 4005 may be the same or different.
- the LPA 320 may compare the CI PKID transmitted by the server 310 in step 4009 with the CI PKID transmitted by the LPA 320 in step 4007 . If the CI PKID transmitted by the server 310 is different from the CI PKID transmitted by the LPA 320 in step 4007 , the LPA 320 may terminate the communication.
- the LPA 320 may make a request to the eUICC 330 for authentication of the server.
- the authentication request may be performed using an authenticate server request message.
- the authenticate server request message in step 4011 like the message received by the LPA 320 in step 4009 , may include a CI PKID transmitted by the server 310 , a server certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, and a digital signature of the server 310 capable of verifying the validity using the server certificate.
- the authenticate server request message in step 4011 is information additionally produced by the LPA 320 , and may include information about the operation type that the terminal intends to perform.
- the eUICC 330 that has received the message in step 4011 may verify the validity of the certificates included in the message in step 4011 , and may verify the digital signature of the server 310 using the corresponding certificates. In this case, the eUICC 330 may further check whether or not the eUICC 330 is able to support the CI PKID included in the message in step 4011 and/or whether or not the CI PKID is available. If the CI PKID transmitted by the server 310 cannot be supported or if the CI PKID is not available, the eUICC 330 may terminate the communication.
- the eUICC 330 may transmit a server authentication result to the LPA 320 in reply.
- the authentication result may be transmitted using an authenticate server response message.
- the authenticate server response message in step 4013 may include the validity verification result with respect to the digital signature of the server 310 received by the eUICC 320 in step 4011 , a CI PKID transmitted by the server 310 , an eUICC certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, a digital signature of the eUICC 330 capable of verifying the validity using the eUICC certificate, and information about the operation type that the terminal intends to perform.
- a description of the subsequent operations in steps 4015 to 4019 refers to the description of the operations in steps 3015 to 3019 in FIG. 3 .
- the terminal 350 verifies the server certificate using a specific CI PKID input in step 4001 , it is possible to limit a connection to the server 310 having a server certificate belonging to a certificate hierarchy of a specific CI certificate.
- FIG. 5 is a diagram 500 illustrating the operations of the LPA 320 and the eUICC 330 in detail in relation to the operation in step 4003 described in FIG. 4 .
- a description of the LPA 320 , the eUICC 330 , and the terminal 350 refers to the description made with reference to FIG. 3 .
- the LPA 320 may acquire CI PKID information as in step 4001 of FIG. 4 .
- a detailed description of step 4001 refers to the description made with reference to FIG. 4 .
- the terminal 350 may check whether or not the eUICC 330 is able to support the corresponding CI PKID in the following manner.
- the LPA 320 may compare the CI PKID information acquired in step 4001 with eUICC information (euiccInfo1 or euiccInfo) temporarily cached in the LPA 320 in step 5003 . More specifically, in the case where the LPA 320 caches the eUICC information (euiccInfo1 or euiccInfo) identified by the method as described in step 3003 of FIG. 3 in a temporary storage before step 4001 , the LPA 320 may compare a list of all CI PKIDs supported by the eUICC, which are included in the temporary storage, with the CI PKID information acquired in step 4001 . As a result of the comparison, if it is determined that the eUICC 330 does not support the CI PKID acquired in step 4001 , the LPA 320 may terminate communication.
- eUICC information euiccInfo1 or euiccInfo
- the LPA 320 may transmit a message to the eUICC ( 330 ) to identify a list of CI PKIDs supported by the eUICC ( 330 ), and may compare the same with the CI PKID in step 4001 . More specifically, the LPA 320 may transmit an information request message to the eUICC 330 in step 5005 after step 4001 .
- the message in step 5005 may be referred to as a “Get eUICC info request message”, a “Get eUICC challenge request message”, an “authenticate server request message”, or the like.
- the message in step 5005 may include an identifier of the profile (a profile ID, an ICCID, or an AID) to be the target of the remote profile management in the future.
- the eUICC 330 may retrieve CI PKID information from the profile corresponding to the profile identifier received in step 5005 , or may acquire all CI PKID information supported by the eUICC 330 , thereby transmitting, to the LPA 320 , the corresponding CI PKID information together with the eUICC information (euiccInfo1 or euiccInfo).
- the message in step 5007 may be referred to as a “Get eUICC info response message”, a “Get eUICC challenge response message”, or an “authenticate server response message”.
- the LPA 320 may compare the response of the eUICC 330 received in step 5007 with the CI PKID acquired in step 4001 . As a result of the comparison, if it is determined that the eUICC 330 does not support the CI PKID acquired in step 4001 , the LPA 320 may terminate communication.
- the LPA 320 may transmit a message to the eUICC 330 , thereby making a request for checking whether or not the eUICC 330 supports the CI PKID in step 4001 . More specifically, the LPA 320 may transmit a checking request message to the eUICC 330 in step 5011 after step 4001 .
- the message in step 5011 may be referred to as a “Get eUICC info request message”, a “Get eUICC challenge request message”, or an “authenticate server request message”.
- the message in step 5011 may include the CI PKID information in step 4001 for making a request for checking whether or not the eUICC 330 supports, and may further include an identifier of the profile (a profile ID, an ICCID, or an AID) to be the target of the remote profile management in the future.
- an identifier of the profile a profile ID, an ICCID, or an AID
- the eUICC 330 may compare the CI PKID information in step 4001 , which is received in step 5011 , with a list of CI PKIDs supported by the eUICC 330 , or may compare CI PKID information retrieved from the profile corresponding to the corresponding profile identifier received in step 5011 with a list of CI PKIDs supported by the eUICC 330 , thereby identifying whether or not the eUICC 330 supports the corresponding CI PKID. If the eUICC does not support the corresponding CI PKID, the eUICC 330 may transmit a specific error code in reply, and may terminate communication.
- the eUICC 330 may transmit, to the LPA 320 , a checking response message including at least one of information on whether or not the corresponding CI PKID is supported, the corresponding CI PKID information, eUICC information (euiccInfo1 or euiccInfo), and an eUICC random challenge.
- the message in step 5015 may be referred to as a “Get eUICC info response message”, a “Get eUICC challenge response message”, or an “authenticate server response message”. If the eUICC 330 transmits an error code indicating that the CI PKID is not supported in reply, the LPA 320 may terminate the communication.
- FIG. 6 is a diagram illustrating the structure 600 of a terminal according to an embodiment of the disclosure.
- the terminal may include a transceiver 610 , a controller 620 , and a storage unit 630 .
- the controller may be defined as a circuit, an application-specific integrated circuit, or at least one processor.
- the terminal may further include an eUICC, and the eUICC may be inserted into or embedded in the terminal.
- the transceiver 610 may transmit and receive signals to and from other network entities. For example, the transceiver 610 may transmit, to the profile management server, digital certificate issuer information trusted by the terminal and a random character string (nonce or random challenge) that the profile management server (SM-DP+) uses when producing a signature for self-authentication, or may receive, from the profile management server, a signature of the profile management server, one or more digital certificates to be used to verify the signature of the profile management server, and a random character string that the eUICC in the terminal uses when producing a signature for self-authentication.
- SM-DP+ random character string
- the transceiver 610 may transmit a signature of the eUICC and one or more digital certificates to be used to verify the signature of the eUICC.
- the transceiver 610 may further transmit information on the operation type that the terminal intends to perform to the profile management server, or may receive some or all of information on an operation to be performed by the terminal from the profile management server. However, the transceiver 610 may selectively transmit information on the operation type that the terminal intends to perform.
- the controller 620 may control the overall operation of the terminal according to the embodiment proposed by the disclosure. For example, the controller 620 may control signal flow between blocks so as to perform the operations according to the flowcharts described above.
- the controller 620 may identify digital certificate issuer information to be trusted by the terminal with reference to the eUICC in the terminal, may verify the validity of a digital certificate and digital certificate issuer information transmitted by the profile management server, may identify a signature of the profile management server, and may produce a signature of the eUICC. In addition, the controller 620 may perform an operation of installing or managing a profile according to the information received from the profile management server.
- controller 620 may control the operation of the transceiver or the storage unit.
- the storage unit 630 may store at least one piece of information transmitted and received through the transceiver 610 and information produced through the controller 620 .
- the terminal of the disclosure may further include an input unit for receiving digital certificate issuer information to be trusted by the terminal.
- the terminal may receive the digital certificate issuer information from a server or a network, may refer to information pre-stored in the terminal, or may receive the digital certificate issuer information from a third-party software in the terminal.
- the third-party software may pre-store digital certificate issuer information to be trusted by the terminal, or may receive the same from a server or a network.
- FIG. 7 is a diagram illustrating the structure 700 of a server according to an embodiment of the disclosure.
- the server may include a transceiver 710 , a controller 720 , and a storage unit 730 .
- the controller may be defined as a circuit, an application-specific integrated circuit, or at least one processor.
- the transceiver 710 may transmit and receive signals to and from other network entities.
- the transceiver 710 may receive, from a terminal, digital certificate issuer information trusted by the terminal and a random character string (nonce or random challenge) that the profile management server uses when producing a signature for self-authentication.
- the transceiver 710 may transmit, to the terminal, a signature of the profile management server, one or more digital certificates to be used to verify the signature of the profile management server, and a random character string that the eUICC in the terminal uses when producing a signature for self-authentication, and may receive a signature of the eUICC and one or more digital certificates to be used to verify the signature of the eUICC.
- the transceiver 710 may further receive information on the operation type that the terminal intends to perform from the terminal. However, the information on the operation type that the terminal intends to perform may be selectively transmitted.
- the transceiver 710 may transmit, to the terminal, some of all of information on the operation to be performed by the terminal.
- the controller 720 may control the overall operation of the terminal according to the embodiment proposed by the disclosure. For example, the controller 720 may control a signal flow between blocks so as to perform the operations according to the flowcharts described above.
- the controller 720 may verify whether or not digital certificate issuer information trusted by the terminal is valid, may determine whether or not the server is also able to trust the digital certificate issuer trusted by the terminal, may select a digital certificate corresponding to digital certificate issuer information trusted by the terminal, and may produce a signature of the profile management server.
- the controller 720 may verify the validity of a digital certificate transmitted by the terminal, may identify a signature of the eUICC, and may determine the operation type to be performed by the terminal.
- controller 720 may control the operation of the transceiver or the storage unit.
- the storage unit 730 may store at least one piece of information transmitted and received through the transceiver 710 and information produced through the controller 720 .
- a component included in the disclosure is expressed in the singular or the plural according to a presented detailed embodiment.
- the singular form or plural form is selected for convenience of description suitable for the presented situation, and various embodiments of the disclosure are not limited to a single element or multiple elements thereof. Further, either multiple elements expressed in the description may be configured into a single element or a single element in the description may be configured into multiple elements.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- The disclosure relates to a method and an apparatus for downloading and installing communication services by a terminal, thereby establishing a communication connection in a communication system. The disclosure also relates to a method and an apparatus for downloading, installing, and managing a profile online in a communication system.
- In order to meet wireless data traffic demands that have increased after 4G communication system commercialization, efforts to develop an improved 5G communication system or a pre-5G communication system have been made. For this reason, the 5G communication system or the pre-5G communication system is called a beyond 4G network communication system or a post LTE system.
- In order to achieve a high data transmission rate, an implementation of the 5G communication system in a mmWave band (for example, 60 GHz band) is being considered. In the 5G communication system, technologies such as beamforming, massive MIMO, Full Dimensional MIMO (FD-MIMO), array antenna, analog beam-forming, and large scale antenna are being discussed as means to mitigate a propagation path loss in the mm Wave band and increase a propagation transmission distance.
- Further, the 5G communication system has developed technologies such as an evolved small cell, an advanced small cell, a cloud Radio Access Network (RAN), an ultra-dense network, Device to Device communication (D2D), a wireless backhaul, a moving network, cooperative communication, Coordinated Multi-Points (CoMP), and received interference cancellation to improve the system network.
- In addition, the 5G system has developed Advanced Coding Modulation (ACM) schemes such as Hybrid FSK and QAM Modulation (FQAM) and Sliding Window Superposition Coding (SWSC), and advanced access technologies such as Filter Bank Multi Carrier (FBMC), Non Orthogonal Multiple Access (NOMA), and Sparse Code Multiple Access (SCMA).
- Meanwhile, the Internet has been evolved to an Internet of Things (IoT) network in which distributed components such as objects exchange and process information from a human-oriented connection network in which humans generate and consume information. An Internet of Everything (IoE) technology in which a big data processing technology through a connection with a cloud server or the like is combined with the IoT technology has emerged. In order to implement IoT, technical factors such as a sensing technique, wired/wireless communication, network infrastructure, service-interface technology, and security technology are required, and research on technologies such as a sensor network, Machine-to-Machine (M2M) communication, Machine-Type Communication (MTC), and the like for connection between objects has recently been conducted. In an IoT environment, through collection and analysis of data generated in connected objects, an intelligent Internet Technology (IT) service to create a new value for peoples' lives may be provided. The IoT may be applied to fields such as those of a smart home, a smart building, a smart city, a smart car, a connected car, a smart grid, health care, a smart home appliance, or high-tech medical services through the convergence of the conventional Information Technology (IT) and various industries.
- Accordingly, various attempts to apply the 5G communication to the IoT network are made. For example, technologies, such as a sensor network, machine-to-machine (M2M) communication, machine type communication (MTC), and the like, are being implemented by 5G communication techniques such as beamforming, MIMO, array antennas, and the like. The application of a cloud RAN as the big data processing technology may be an example of convergence of the 5G technology and the IoT technology.
- A universal integrated circuit card (UICC) is a smart card that is inserted into a mobile terminal and the like for use and is also called a “UICC”. The UICC may include an access control module for accessing a mobile communication provider's network. Examples of the access control module include a universal subscriber identity module (USIM), a subscriber identity module (SIM), an IP multimedia service identity module (ISIM), and the like. A UICC including a USIM is commonly called a “USIM card”. Likewise, a UICC including a SIM module is commonly called a “SIM card”. In the following description of the disclosure, a SIM card will be used as a typical meaning encompassing a UICC, a USIM card, a UICC including an ISIM, and the like. That is, although a description is made of the SIM card, techniques thereof may be equally applied to a USIM card, an ISIM card, or a general UICC.
- The SIM card stores personal information of a mobile communication subscriber and performs subscriber authentication and producing a traffic security key when accessing a mobile communication network, thereby enabling secure usage of mobile communication.
- At the time of proposing the disclosure, the SIM card is generally manufactured as a dedicated card to a specific mobile communication provider at the request of the corresponding provider when manufacturing the card, and authentication information of the corresponding provider for network access, such as a universal subscriber identity module (USIM) application, an international mobile subscriber identity (IMSI), a K value, an OPc value, and the like, are prerecorded in the card to then be provided. Therefore, the manufactured SIM card is supplied to the corresponding mobile communication provider, and the mobile communication provider provides the SIM card to the subscriber. Thereafter, if necessary, it is possible to perform management of installation, modification, and deletion of an application with respect to the UICC using technology such as over-the-air (OTA) or the like. The subscriber may insert the UICC into a mobile terminal owned by the subscriber, thereby using the network and application services of the corresponding mobile communication provider. When replacing the terminal, the subscriber may take out the UICC from the existing terminal and insert the same into a new terminal, thereby using authentication information, a mobile phone number, personal phone books, and the like without any change.
- However, the SIM card is inconvenient for the user of the mobile terminal when receiving services from other mobile communication providers. The user of the mobile terminal must physically acquire a SIM card in order to receive services from a mobile communication provider. For example, if the user travels to another country, the user must acquire a local SIM card in order to receive local mobile communication services. Although a roaming service solves the above inconvenience to some extent, a service charge of the roaming service is very high, and the roaming service requires a separate contract between the mobile communication providers.
- Meanwhile, if a SIM module is able to be remotely downloaded and installed in the UICC, most of the inconveniences may be eliminated. That is, the user may download, to the UICC, a SIM module of the mobile communication services to be used at the time desired by the user. In addition, the UICC may download and install a plurality of SIM modules, and may select and use only one of the SIM modules. The UICC may or may not be fixed to the terminal. In particular, a UICC fixed to a terminal is called an “embedded UICC (eUICC)”. Typically, the eUICC denotes a UICC that is fixed to a terminal and may select a SIM module by remotely downloading the same. In the disclosure, a UICC capable of remotely downloading and selecting the SIM module will be collectively referred to as an “eUICC”. That is, among the UICCs capable of remotely downloading and selecting the SIM module, the UICC that is or is not fixed to the terminal will be collectively referred to as an “eUICC”. In addition, SIM module information to be downloaded will be collectively referred to as an “eUICC profile”.
- An aspect of the disclosure is to provide a method and an apparatus in which a terminal selects a communication service for a communication connection in a communication system. Another aspect of the disclosure is to provide a method and an apparatus in which a terminal downloads, installs, and manages a profile for a communication connection online in a communication system. Another aspect of the disclosure is to provide an apparatus and a method for safely providing a profile to a terminal in a communication system.
- In particular, the disclosure proposes the following solutions for the above purposes.
-
- A method for transmitting digital certificate issuer information trusted by a terminal to a profile management server (SM-DP+)
- A method in which the profile management server (SM-DP+) transmits a digital certificate corresponding to the above information to a terminal in reply
- A message exchange procedure between the terminal and the profile management server (SM-DP+).
- In order to solve the above problems, a method for performing an authentication procedure by a terminal in a wireless communication system may include: acquiring public key identifiers of a specific certificate issuer (CI); identifying public key identifiers supported by a universal integrated circuit card (UICC) of the terminal; determining a public key identifier belonging to the acquired public key identifiers, among the public key identifiers supported by the UICC of the terminal; and transmitting an authentication request message containing the determined public key identifier to a server (e.g., a profile management server SM+DP−).
- The identifying may include comparing the acquired public key identifiers with UICC information cached in the terminal or receiving information about the public key identifier supported by the UICC and comparing the same with the acquired public key identifiers, and public key identifiers that are not included in the acquired public key identifiers may be excluded from the public key identifiers supported by the UICC, thereby limiting the public key identifiers used in the authentication procedure.
- The acquiring may include acquiring the public key identifier of the specific CI by receiving a user input with respect to the terminal, retrieving information stored in the UICC, retrieving an activation code, retrieving a command code, receiving the same from a profile-related server, or retrieving a profile installed in the UICC.
- The method may further include receiving an authentication response message containing a public key identifier to be used by the UICC from the server, and if the public key identifier to be used by the UICC, which is included in the authentication response message, is different from the acquired public key identifiers, if the public key identifier to be used by the UICC is not supported by the UICC, if the UICC does not support the acquired public key identifiers, or if there is no public key identifier belonging to the acquired public key identifiers, among public key identifiers supported by the UICC, the authentication procedure may be terminated.
- In order to solve the above problems, a terminal according to an embodiment may include: a transceiver configured to transmit and receive a signal; and a controller configured to acquire public key identifiers of a specific certificate issuer (CI), identify public key identifiers supported by a universal integrated circuit card (UICC) of the terminal, determine a public key identifier belonging to the acquired public key identifiers, among the public key identifiers supported by the UICC of the terminal, transmit an authentication request message containing the determined public key identifier to a server, and verify a public key identifier to be used by the UICC, which is contained in an authentication response message transmitted by the server.
- In order to solve the above problems, a method according to an embodiment may include: receiving an authentication request message containing a public key identifier from a terminal; and transmitting, to the terminal, an authentication response message containing a public key identifier to be used by a universal integrated circuit card (UICC) of the terminal, wherein the public key identifier contained in the authentication request message may belong to public key identifiers pre-acquired by the terminal, among public key identifiers supported by the UICC of the terminal.
- In order to solve the above problems, a server according to an embodiment may include: a transceiver configured to transmit and receive a signal; and a controller configured to receive an authentication request message containing a public key identifier from a terminal and transmit, to the terminal, an authentication response message containing a public key identifier to be used by a universal integrated circuit card (UICC) of the terminal, wherein the public key identifier contained in the authentication request message may belong to public key identifiers pre-acquired by the terminal, among public key identifiers supported by the UICC of the terminal.
- The technical subjects pursued in the disclosure may not be limited to the above mentioned technical subjects, and other technical subjects which are not mentioned may be clearly understood, through the following descriptions, by those skilled in the art of the disclosure.
- According to embodiments of the disclosure, the terminal can inform the profile management server (SM-DP+) of digital certificate issuer information trusted by the terminal, and can receive a digital certificate issued by a digital certificate issuer that the terminal trusts from the profile management server (SM-DP+) in a communication system. Accordingly, the terminal and the profile management server (SM-DP+) can reduce the security threat during a mutual authentication process using a digital certificate issued by a specific digital certificate issuer during the mutual authentication.
-
FIG. 1 is a diagram illustrating a method in which a terminal connects to a mobile communication network using a UICC equipped with a fixed profile. -
FIG. 2 is a diagram illustrating an example of a certificate hierarchy for certificates issued by a specific certificate issuer. -
FIG. 3 is a diagram illustrating a mutual authentication procedure between a server and a terminal. -
FIG. 4 is a diagram illustrating a procedure of discussing a certificate to be used during a mutual authentication procedure between a server and a terminal according to an embodiment. -
FIG. 5 is a diagram illustrating a procedure for selecting a certificate to be suggested by a terminal to be used for a mutual authentication procedure to a server according to an embodiment. -
FIG. 6 is a diagram illustrating the structure of a terminal according to an embodiment of the disclosure. -
FIG. 7 is a diagram illustrating the structure of a server according to an embodiment of the disclosure. - Hereinafter, embodiments of the disclosure will be described in detail with reference to the accompanying drawings.
- In describing the exemplary embodiments of the disclosure, descriptions related to technical contents which are well-known in the art to which the disclosure pertains, and are not directly associated with the disclosure, will be omitted. Such an omission of unnecessary descriptions is intended to prevent obscuring of the main idea of the disclosure and more clearly transfer the main idea.
- For the same reason, in the accompanying drawings, some elements may be exaggerated, omitted, or schematically illustrated. Further, the size of each element does not entirely reflect the actual size. In the drawings, identical or corresponding elements are provided with identical reference numerals.
- The specific terms used herein are provided for ease of understanding the disclosure, and such specific terms may be changed into other forms without departing from the spirit and scope of the disclosure.
- The advantages and features of the disclosure and ways to achieve them will be apparent by making reference to embodiments as described below in detail in conjunction with the accompanying drawings. However, the disclosure is not limited to the embodiments set forth below, but may be implemented in various different forms. The following embodiments are provided only to completely disclose the disclosure and inform those skilled in the art of the scope of the disclosure, and the disclosure is defined only by the scope of the appended claims.
- Here, it will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer usable or computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
- And each block of the flowchart illustrations may represent a module, segment, or portion of code, which includes one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
- As used herein, the “unit” refers to a software element or a hardware element, such as a Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC), which performs a predetermined function. However, the “unit does not always have a meaning limited to software or hardware. The “unit” may be constructed either to be stored in an addressable storage medium or to execute one or more processors. Therefore, the “unit” includes, for example, software elements, object-oriented software elements, class elements or task elements, processes, functions, properties, procedures, sub-routines, segments of a program code, drivers, firmware, micro-codes, circuits, data, database, data structures, tables, arrays, and parameters. The elements and functions provided by the “unit” may be either combined into a smaller number of elements, “unit” or divided into a larger number of elements, “unit”. Moreover, the elements and “units” may be implemented to reproduce one or more CPUs within a device or a security multimedia card. Also, in an embodiment, the ‘˜ unit’ may include one or more processors.
- First, terms used in this specification will be defined.
- In this specification, a UICC is a smart card inserted and used in a mobile terminal and denotes a chip that stores personal information, such as network access authentication information of a mobile communication subscriber, phone books, and SMS, and performs subscriber authentication and traffic security key generation when accessing a mobile communication network, such as GSM, WCDMA, LTE, or the like, thereby enabling secure mobile communication usage. The UICC may be equipped with communication applications, such as a subscriber identification module (SIM), a universal SIM (USIM), IP multimedia SIM (ISIM), or the like, according to the type of mobile communication network accessed by the subscriber, and may provide a higher level security function for employing various applications such as an electronic wallet, ticketing, an electronic passport, and the like.
- In this specification, an embedded UICC (eUICC) is a security module in the form of a chip embedded in a terminal, which cannot be inserted into and cannot be removed from the terminal. The eUICC may download and install a profile using over-the-air (OTA) technology. The eUICC may be referred to as a “UICC capable of downloading and installing a profile”.
- In this specification, a method of downloading and installing a profile in the eUICC using the OTA technology may also be applied to a detachable UICC that can be inserted into and removed from the terminal. That is, the embodiments of the disclosure may be applied to a UICC capable of downloading and installing a profile using the OTA technology.
- In this specification, the term “UICC” may be used interchangeably with “SIM”, and the term “eUICC” may be used interchangeably with “eSIM”.
- In this specification, a profile may denote a package of an application, a file system, an authentication key value, and the like, which are stored in the UICC, in a software form.
- In this specification, a USIM Profile may have the same meaning as the profile, or may denote a package of information included in the USIM application in the profile in a software form.
- In this specification, a profile provision server may have a function of producing a profile, encrypting the produced profile, producing a remote profile management instruction, or encrypting the produced remote profile management instruction, and may be referred to as a “subscription manager data preparation (SM-DP)”, a “subscription manager data preparation plus (SM-DP+)”, an “off-card entity of profile domain”, a “profile encryption server”, a “profile producing server”, a “profile provisioner (PP)”, a “profile provider”, or a “profile provisioning credentials (PPC) holder”.
- In this specification, a profile management server may be referred to as a “subscription manager secure routing (SM-SR)”, a “subscription manager secure routing plus (SM-SR+)”, an “off-card entity of eUICC profile manager”, a “profile management credentials (PMC) holder”, or an “eUICC manager (EM)”.
- In this specification, the profile provision server may encompass the functions of the profile management server. Therefore, in various embodiments of the disclosure, that is, in the following description, the operation of the profile provision server may also be performed by the profile management server. Likewise, the operation of the profile management server or the SM-SR may also be performed by the profile provision server.
- The term “terminal” as used herein may be referred to as a “mobile station (MS)”, “user equipment (UE)”, a “user terminal (UT)”, a “wireless terminal”, an “access terminal (AT)”, a “terminal”, a “subscriber unit”, a “subscriber station (SS)”, a “wireless device”, a “wireless communication device”, a “wireless transmit/receive unit (WTRU)”, a “mobile node”, “mobile”, or other terms. Various embodiments of the terminal may include a cellular phone, a smartphone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device, such as a digital camera, having a wireless communication function, a gaming device having a wireless communication function, home appliances for music storage and playback having a wireless communication function, Internet home appliances capable of wireless Internet access and browsing, a portable unit employing combinations of the above functions, or terminals thereof. In addition, the terminal may include a machine-to-machine (M2M) terminal or a machine type communication (MTC) terminal/device, but is not limited thereto. In this specification, the terminal may be referred to as an “electronic device”.
- In this specification, the electronic device may include an embedded UICC capable of downloading and installing a profile. In the case where the UICC is not embedded in the electronic device, a UICC physically separated from the electronic device may be inserted into the electronic device, thereby connecting to the electronic device. For example, the UICC in the form of a card may be inserted into the electronic device. The electronic device may include the terminal, and in this case, the terminal may be a terminal including a UICC capable of downloading and installing a profile. The UICC may be embedded in the terminal, and in the case where the terminal and the UICC are separate from each other, the UICC may be inserted into the terminal to then be connected to the terminal. The UICC capable of downloading and installing a profile may be called, for example, an “eUICC”.
- In this specification, the terminal or the electronic device may include software or an application installed in the terminal or the electronic device so as to control the UICC or the eUICC. The software or the application may, for example, be referred to as a “local profile assistant (LPA)”.
- In this specification, a profile identifier may be referred to as a “profile ID”, an “integrated circuit card ID (ICCID)”, a “matching ID”, an “event identifier (ID)”, an “activation code”, an “activation code token”, or a “factor matching ISD-P or a profile domain (PD)”. The profile ID may indicate a unique identifier of each profile. The profile identifier may include an address of a profile provision server (SM-DP+) capable of indexing profiles.
- In this specification, an eUICC identifier (eUICC ID) may be a unique identifier of the eUICC embedded in the terminal, and may be referred to as an “EID”. In addition, in the case where the eUICC is equipped with a provisioning profile, the eUICC identifier may be a profile ID of the corresponding provisioning profile. In addition, in the case where the terminal and the eUICC chip are not separate as in the embodiment of the disclosure, the eUICC identifier may be a terminal ID. In addition, the eUICC identifier may denote a specific secure domain of the eUICC chip.
- In this specification, a profile container may be referred to as a “profile domain”. The profile container may be a security domain.
- In this specification, an application protocol data unit (APDU) may be a message by which the terminal interworks with the eUICC. In addition, the APDU may be a message by which a PP or a PM interworks with the eUICC.
- In this specification, profile provisioning credentials (PPC) may be a means used in mutual authentication, profile encryption, and signature between the profile provision server and the eUICC. The PPC may include at least one of a symmetric key, a Rivest Shamir Adleman (RSA) certificate and a private key, an elliptic curved cryptography (ECC) certificate and a private key, a root certification authority (CA), and a certificate chain. In addition, if there is a plurality of profile provision servers, different PPCs may be stored in the eUICC or used for the respective profile provision servers.
- In this specification, profile management credentials (PMC) may be a means used in mutual authentication, transmission data encryption, and signature between the profile management server and the eUICC. The PMC may include at least one of a symmetric key, an RSA certificate and a private key, an ECC certificate and a private key, a root CA, and a certificate chain. In addition, if there is a plurality of profile management servers, different PMCs may be stored in the eUICC or used for the respective profile management servers.
- In this specification, an AID may be an application identifier. This value may be an identifier for distinguishing between different applications in the eUICC.
- In this specification, an event may denote profile download, remote profile management, or management/processing instructions of other profiles or the eUICC. “Profile download” may be used interchangeably with “profile installation”. In addition, an event type may be used to indicate whether a specific event is profile download, remote profile management, or a management/processing command of other profiles or the eUICC, and may be referred to as an “operation type (or operationtype)”, an “operation class (or operationclass)”, an “event request type”, an “event class”, an “event request class”, or the like.
- In this specification, a “profile package” may be used interchangeably with a “profile”, or may be used as a term indicating a data object of a specific profile, and may be referred to as a “profile TLV” or a “profile package TLV”. In the case where a profile package is encrypted using encryption parameters, the profile package may be referred to as a “protected profile package (PPP)” or a “protected profile package TLV (PPP TLV)”. In the case where a profile package is encrypted using encryption parameters that can be decrypted only by a specific eUICC, the profile package may be referred to as a “bound profile package (BPP)” or a “bound profile package TLV (BPP TLV)”. The profile package TLV may be a data set representing information constituting the profile in a TLV (tag, length, and value) format.
- In this specification, remote profile management (RPM) may be referred to as “remote profile management”, “remote management”, a “remote management command”, a “remote command”, a “remote profile management (RPM) package”, a “remote profile management package”, a “remote management package”, a “remote management command package”, or a “remote command package”. The RPM may be used to change the status of a specific profile (enabled, disabled, or deleted) or update the content of a specific profile (e.g., a profile nickname, profile metadata, or the like). The RPM may include one or more remote management commands, and in this case, the profiles, which are targets of the respective remote management commands, may be the same or different depending on the remote management commands.
- In this specification, a certificate or a digital certificate may denote a digital certificate used for mutual authentication based on an asymmetric key including a pair of a public key (PK) and a secret key (SK). Each certificate may include one or more public keys (PKs), public key identifiers (PKIDs) corresponding to the respective public keys, an identifier of a certificate issuer (CI) who issued the certificate (a certificate issuer ID), and a digital signature thereof. In addition, the certificate issuer may be referred to as a “certification issuer”, a “certificate authority (CA)”, a “certification authority”, or the like. In this specification, the public key (PK) and the public key ID (PKID) may denote a specific public key or a certificate containing the corresponding public key, a portion of a specific public key or a portion of a certificate containing the corresponding public key, an operation result value of a specific public key (e.g., hash) or an operation result value of a certificate containing the corresponding public key (e.g., hash), an operation result value of a portion of a specific public key (e.g., hash) or an operation result value of a portion of a certificate containing the corresponding public key (e.g., hash), or a storage space storing the above data, and may be used interchangeably therewith.
- In this specification, if certificates issued by a single certificate issuer (primary certificates) are used to issue other certificates (secondary certificates), or if the secondary certificates are successively used to issue third or more certificates, the correlation of the certificates may be referred to as a “certificate chain” or a “certificate hierarchy”. In this case, the CI certificate used in initial certificate issuance may be referred to as a “root of certificate”, a “highest certificate”, a “root CI”, a “root CI certificate, a “root CA”, a “root CA certificate”, or the like.
- In this specification, AKA may indicate authentication and key agreement, and may represent an authentication algorithm for accessing 3GPP and 3GPP2 networks.
- In this specification, “K” is an encryption key value stored in the eUICC, which is used in the AKA authentication algorithm.
- In this specification, “OPc” is a parameter value that may be stored in the eUICC, which is used in the AKA authentication algorithm.
- In this specification, an “NAA” is a network access application, and may be an application program such as USIM or ISIM stored in the UICC and accessing a network. The NAA may be a network access module.
- In describing the disclosure, a detailed description of related known functions or configurations, which may unnecessarily obscure the subject matter of the disclosure, will be omitted.
-
FIG. 1 is a diagram 100 illustrating a method of connecting a terminal to a mobile communication network using a UICC equipped with a profile fixed to the terminal. - Referring to
FIG. 1 , aUICC 120 may be inserted into a terminal 110. In this case, the UICC may be detachable, or may be embedded in the terminal. The fixed profile of the UICC equipped with the fixed profile denotes that “access information” for accessing a specific communication provider is fixed. The access information may be, for example, an IMSI, which is a subscriber identifier, and a value “K” or “Ki” necessary for authentication in access to the network together with the subscriber identifier. - Then, the terminal may perform authentication with an authentication processing system {e.g., a home location register (HLR) or AuC) of a mobile communication provider using the UICC. The authentication process may be an authentication and key agreement (AKA) process. If authentication is successful, the terminal may use mobile communication services, such as a phone call or usage of mobile data using the
mobile communication network 130 of the mobile communication system. -
FIG. 2 is a diagram 200 illustrating an example of a hierarchy of certificate (or a certificate chain) issued by a certificate issuer (CI) and an example of configuration of a public key and a digital signature of a certificate issuer (CI), which are included in each certificate. - Referring to
FIG. 2 , the certificate issuer (CI) may produce a public key and a secret key to be used by the certificate issuer, may produce a certificate issuer (CI)certificate 211 by including thepublic key 213, among the above keys, in its own certificate, and may attach, to the certificate, adigital signature 215 produced using its own secret key with respect to the certificate. - In addition, referring to
FIG. 2 , theCI certificate 211 may be used to issue acertificate 231 of Object 1 (see 291).Object 1 may be, for example, a profile management server (SM-DP+).Object 1 may produce a public key and a secret key to be used by itself, may produce acertificate 231 ofObject 1 by including thepublic key 233, among the keys, in its own certificate, and may make a request to the certificate issuer, thereby receiving certificate issuer (CI)digital signature 235 using the certificate issuer (CI) secret key. In this case, thecertificate 231 ofObject 1 may include a certificate issuer (CI) public key identifier (ID) (CI PKID) 237 corresponding to the certificate issuer (CI)public key 213, which is to be used when checking thecertificate issuer signature 235 contained in the corresponding certificate. - In addition, referring to
FIG. 2 , theCI certificate 211 may be used to issue acertificate 251 of Object 2 (see 293).Object 2 may be, for example, an eUICC manufacturer (EUM).Object 2 may produce a public key and a secret key to be used by itself, may produce acertificate 251 ofObject 2 by including thepublic key 253, among the above keys, in its own certificate, and may make a request to the certificate issuer, thereby receiving a certificate issuer (CI)digital signature 255 using the certificate issuer (CI) secret key. In this case, thecertificate 251 ofObject 2 may include a certificate issuer (CI) public key identifier (ID) (CI PKID) 237 corresponding to the certificate issuer (CI)public key 213, which is to be used when checking thecertificate issuer signature 255 included in the corresponding certificate. Thecertificate issuer signatures certificate 231 ofObject 1 and thecertificate 251 ofObject 2 may have different values from each other, but the certificate issuer public key identifiers (CI PKIDs) 237 have the same value. - In addition, referring to
FIG. 2 , thecertificate 251 ofObject 2 may be used to issue acertificate 271 of Object 3 (see 295).Object 3 may be, for example, an eUICC manufactured by an eUICC manufacturer (EUM).Object 3 may produce a public key and a secret key to be used by itself, may produce acertificate 251 ofObject 3 by including thepublic key 273, among the above keys, in its own certificate, and may make a request toObject 2, thereby receiving adigital signature 275 ofObject 2 using the secret key ofObject 2. In this case, thecertificate 271 ofObject 3 may include a public key identifier (ID) (CI PKID) 277 corresponding to thepublic key 253 ofObject 2, which is to be used when checking thesignature 275 ofObject 2 contained in the corresponding certificate. - The
certificate 231 ofObject 1, thecertificate 251 ofObject 2, and thecertificate 271 ofObject 3 illustrated in the example ofFIG. 2 all have thesame CI certificate 211 as the highest certificate or the root of certificate. Therefore,Object 1,Object 2, andObject 3 require theCI certificate 211 or the CIpublic key 213 contained therein in order to authenticate each other. More specifically, in the example ofFIG. 2 , in order forObject 1 andObject 2 to authenticate each other using digital certificates and signatures,Object 1 requires the signature ofObject 2, thecertificate 251 ofObject 2, and the CIpublic key 213, andObject 2 requires the signature ofObject 1, thecertificate 231 ofObject 1, and the CIpublic key 213. - In addition, in the example of
FIG. 2 , in order forObject 1 andObject 3 to authenticate each other using digital certificates and signature,Object 1 requires the signature ofObject 3, thecertificate 271 ofObject 3, thecertificate 251 ofObject 2, and the CIpublic key 213, andObject 3 requires the signature ofObject 1, thecertificate 231 ofObject 1, and the CIpublic key 213. In this case, thecertificate 251 ofObject 2 with respect to thecertificate 271 ofObject 3 may be referred to as a “sub-certificate issuer (sub CI) certificate” or a “sub-certificate authority (sub CA) certificate”. -
FIG. 3 is a diagram 300 illustrating a mutual authentication procedure between aserver 310 and a terminal 350. - In
FIG. 3 , theserver 310 may be, for example, a profile management server (SM-DP+) or a service discovery server (SM-DS). In addition, inFIG. 3 , the terminal 350 may include software for controlling an eUICC {local profile assistant (LPA)} 320 and aneUICC 330. In addition, inFIG. 3 , each of theserver 310, theLPA 320, and theeUICC 330 may store one or more digital certificates. - Referring to
FIG. 3 , theLPA 320 may check a list of all CI public keys (CI PKIDs) supported by theeUICC 330 instep 3003. More specifically, instep 3003, theLPA 320 and theeUICC 330 may identify eUICC information using an eUICC information request (Get eUICC Info request) message and an eUICC information response (Get eUICC Info response) message. The eUICC information response message may include eUICC information, which is referred to as “euiccInfo1”, “euiccInfo”, or the like. The eUICC information may include a list of all CI PKIDs supported by theeUICC 330. - In
step 3005, theLPA 320 and theserver 310 may estimate a TLS connection. The TLS connection instep 3005 may be performed using a server authentication method, among TLS connection methods, in which theLPA 320 verifies the identity of theserver 310. When theLPA 320 identifies the identity of theserver 310 during the TLS connection instep 3005, theserver 310 may submit a TLS certificate to theLPA 320. TheLPA 320 or the terminal 350 may store one or more CI PKIDs for validating the TLS certificate. If one or more sub-CI certificates are required for validating the TLS certificate of theserver 310 using the CI PKID, theserver 310 may submit one or more sub-CI certificates to theLPA 320 together with the TLS certificate instep 3005. After the TLS connection is established, all messages between theLPA 320 and theserver 310 may be protected by the TLS security procedure. - In
operation 3007, theLPA 320 may make a request to theserver 310 for initiating mutual authentication. The initiation of mutual authentication may be performed using an initiate authentication request message. The initiate authentication request message instep 3007 may include all CI PKIDs supported by theeUICC 330, based on the information (euiccInfo1) of theeUICC 330 identified by theLPA 320 instep 3003. - In
operation 3009, theserver 310 may respond to theLPA 320 with initiation of the mutual authentication. The mutual authentication response may use an initiate authentication response message. The initiate authentication response message instep 3009 may include one CI PKID selected from the list of CI PKIDs included in the information (euiccInfo1) of theeUICC 330 received by theserver 310 instep 3007, a server certificate capable of verifying the validity using the corresponding CI PKID, and a digital signature of theserver 310 capable of verifying the validity using the corresponding server certificate. In this case, the CI PKID selected by theserver 310 may be referred to as an “eUICC CI PKID to be used by the eUICC”. In addition, if one or more sub-CI certificates are required to determine validity of theserver 310 using the selected CI PKID, the initiate authentication response message instep 3009 may include one or more sub-CI certificates together with the server certificate. The certificate of theserver 310 transmitted instep 3007 may be different from the TLS certificate of theserver 310 transmitted instep 3005. In addition, the CI that issues the certificate of theserver 310 transmitted instep 3007 and the CI that issues the TLS certificate of theserver 310 transmitted instep 3005 may be the same or different. - In
operation 3011, theLPA 320 may make a request to theeUICC 330 for authentication of the server. The authentication request may be performed using an authenticate server request message. The authenticate server request message instep 3011, like the message received by theLPA 320 instep 3009, may include a CI PKID that the server selects and transmits, a server certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, and a digital signature of theserver 310 capable of verifying the validity using the server certificate. In addition, the authenticate server request message instep 3011 is information additionally produced by theLPA 320, and may include information about the operation type that the terminal intends to perform. - In
step 3013, theeUICC 330 may transmit a server authentication result to theLPA 320 in reply. The authentication result may be transmitted using an authenticate server response message. The authenticate server response message instep 3013 may include a validity verification result with respect to the digital signature of theserver 310 received by theeUICC 320 instep 3011, a CI PKID that theserver 310 selects and transmits, an eUICC certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, a digital signature of theeUICC 330 capable of verifying the validity using the eUICC certificate, and information about the operation type that the terminal intends to perform. - In
operation 3015, theLPA 320 may make a request to theserver 310 for authentication of the terminal. The authentication request of the terminal may be performed using an authenticate client request message. The authenticate client request message instep 3015 may include information received by theLPA 320 from theeUICC 330 instep 3013. - In
operation 3017, theserver 310 may transmit an authentication result of the terminal in reply. The authentication result may be transmitted using an authenticate client response message. The authenticate client response message instep 3017 may include a validity verification result with respect to the digital signature of theeUICC 330 received by theserver 310 instep 3015 and the information on an event or event summary corresponding to the operation type to be performed by theterminal 350. - In
step 3019, the terminal 350 may install a profile or perform remote management of a profile according to the content of the event received instep 3017. - According to the mutual authentication procedure between the
server 310 and the terminal 350 shown inFIG. 3 , since the terminal 350 verifies the server certificate using all CI PKIDs pre-stored in theeUICC 330, it is difficult to limit a connection to theserver 310 having a server certificate belonging to a certificate hierarchy of a specific CI certificate. -
FIG. 4 is a diagram 400 illustrating a procedure of identifying aserver 310 having a server certificate belonging to a certificate hierarchy of a specific CI certificate when performing mutual authentication between theserver 310 and a terminal 350 according to an embodiment of the disclosure. - In
FIG. 4 , a description of theserver 310, theLPA 320, theeUICC 330, and the terminal 350 refers to the description made with reference toFIG. 3 . - Referring to
FIG. 4 , as a method for restricting the certificate of theserver 310 to the certificate belonging to a certificate hierarchy of a specific CI certificate when performing mutual authentication later, theLPA 320 may acquire public key identifier (CI PKID) information of the corresponding CI certificate instep 4001. TheLPA 320 may acquire the corresponding CI PKID information by the following methods, but the method is not necessarily limited thereto. -
- Direct user input to terminal
- Retrieve some data of eUICC storage space
- Retrieve profile installed in eUICC
- Retrieve activation code used in installation of profile
- Transfer by 3rd party software to LPA in command code form
- Transfer by specific server relaying profile installation or remote management to LPA
- Transfer by server managing terminal, LPA, eUICC to LPA
- In
step 4003, theLPA 320 may check whether or not theeUICC 330 is able to support the corresponding CI PKID in relation to the CI PKID information acquired instep 4001. The operation of the terminal 350 instep 4003 will be described in more detail with reference toFIG. 5 . - In
operation 4005, theLPA 320 and theserver 310 may perform a TLS connection. The TLS connection instep 4005 may be performed using a server authentication method in which theLPA 320 identifies the identity of theserver 310, among TLS connection methods. When theLPA 320 identifies the identity of theserver 310 in the TLS connection process instep 4005, theserver 310 may submit a TLS certificate to theLPA 320. TheLPA 320 or the terminal 350 may include one or more CI PKIDs for verifying the validity of the TLS certificate. If one or more sub-CI certificates are required for verifying the validity of the TLS certificate of theserver 310 using the CI PKID, theserver 310 may submit one or more sub-CI certificates to theLPA 320 together with the TLS certificate instep 4005. Instep 4005, compared withstep 3005 described inFIG. 3 , the terminal 350 may further check whether or not it is possible to verify the certificate of the TLS certificate and the sub-CI certificates, which are submitted by the server, using the CI PKID identified instep 4001. After the TLS connection is established, all messages between theLPA 320 and theserver 310 may be protected by the TLS security procedure. - In
operation 4007, theLPA 320 may make a request to theserver 310 for initiating mutual authentication. The initiation of mutual authentication may be performed using an initiate authentication request message. The initiate authentication request message instep 4007, compared withstep 3007 described inFIG. 3 , may include a CI PKID that theLPA 320 acquires instep 4001. In addition, the initiate authentication request message instep 4007, compared withstep 3007 described inFIG. 3 , may include a CI PKID that is identified to be supported by the eUICC through the eUICC instep 4003. - In
operation 4009, theserver 310 may respond to theLPA 320 with initiation of mutual authentication. The mutual authentication response may be performed using an initiate authentication response message. The initiate authentication response message instep 4009 may include the CI PKID received by theserver 310 instep 4007, a server certificate capable of verifying the validity using the corresponding CI PKID, and a digital signature of theserver 310 capable of verifying the validity using the corresponding server certificate. In this case, the transmitted CI PKID may be referred to as an “eUICC CI PKID to be used by the eUICC”. In addition, if one or more sub-CI certificates are required to determine the validity of theserver 310 using the corresponding CI PKID, the initiate authentication response message instep 4009 may include one or more sub-CI certificates together with the server certificate. The certificate of theserver 310 transmitted instep 4009 may be different from the TLS certificate of theserver 310 transmitted instep 4005. In addition, the CI that issues the certificate of theserver 310 transmitted instep 4009 and the CI that issues the TLS certificate of theserver 310 transmitted instep 4005 may be the same or different. In addition, theLPA 320 may compare the CI PKID transmitted by theserver 310 instep 4009 with the CI PKID transmitted by theLPA 320 instep 4007. If the CI PKID transmitted by theserver 310 is different from the CI PKID transmitted by theLPA 320 instep 4007, theLPA 320 may terminate the communication. - In
operation 4011, theLPA 320 may make a request to theeUICC 330 for authentication of the server. The authentication request may be performed using an authenticate server request message. The authenticate server request message instep 4011, like the message received by theLPA 320 instep 4009, may include a CI PKID transmitted by theserver 310, a server certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, and a digital signature of theserver 310 capable of verifying the validity using the server certificate. In addition, the authenticate server request message instep 4011 is information additionally produced by theLPA 320, and may include information about the operation type that the terminal intends to perform. TheeUICC 330 that has received the message instep 4011 may verify the validity of the certificates included in the message instep 4011, and may verify the digital signature of theserver 310 using the corresponding certificates. In this case, theeUICC 330 may further check whether or not theeUICC 330 is able to support the CI PKID included in the message instep 4011 and/or whether or not the CI PKID is available. If the CI PKID transmitted by theserver 310 cannot be supported or if the CI PKID is not available, theeUICC 330 may terminate the communication. - In
step 4013, theeUICC 330 may transmit a server authentication result to theLPA 320 in reply. The authentication result may be transmitted using an authenticate server response message. The authenticate server response message instep 4013 may include the validity verification result with respect to the digital signature of theserver 310 received by theeUICC 320 instep 4011, a CI PKID transmitted by theserver 310, an eUICC certificate capable of verifying the validity using the corresponding CI PKID, one or more sub-CI certificates necessary for the verification of the validity, a digital signature of theeUICC 330 capable of verifying the validity using the eUICC certificate, and information about the operation type that the terminal intends to perform. - A description of the subsequent operations in
steps 4015 to 4019 refers to the description of the operations insteps 3015 to 3019 inFIG. 3 . - According to the mutual authentication procedure between the
server 310 and the terminal 350 shown inFIG. 4 , since the terminal 350 verifies the server certificate using a specific CI PKID input instep 4001, it is possible to limit a connection to theserver 310 having a server certificate belonging to a certificate hierarchy of a specific CI certificate. -
FIG. 5 is a diagram 500 illustrating the operations of theLPA 320 and theeUICC 330 in detail in relation to the operation instep 4003 described inFIG. 4 . - In
FIG. 5 , a description of theLPA 320, theeUICC 330, and the terminal 350 refers to the description made with reference toFIG. 3 . - Referring to
FIG. 5 , theLPA 320 may acquire CI PKID information as instep 4001 ofFIG. 4 . A detailed description ofstep 4001 refers to the description made with reference toFIG. 4 . Thereafter, the terminal 350 may check whether or not theeUICC 330 is able to support the corresponding CI PKID in the following manner. - As an example 5100, the
LPA 320 may compare the CI PKID information acquired instep 4001 with eUICC information (euiccInfo1 or euiccInfo) temporarily cached in theLPA 320 instep 5003. More specifically, in the case where theLPA 320 caches the eUICC information (euiccInfo1 or euiccInfo) identified by the method as described instep 3003 ofFIG. 3 in a temporary storage beforestep 4001, theLPA 320 may compare a list of all CI PKIDs supported by the eUICC, which are included in the temporary storage, with the CI PKID information acquired instep 4001. As a result of the comparison, if it is determined that theeUICC 330 does not support the CI PKID acquired instep 4001, theLPA 320 may terminate communication. - As another example 5200, in
steps 5005 to 5009, theLPA 320 may transmit a message to the eUICC (330) to identify a list of CI PKIDs supported by the eUICC (330), and may compare the same with the CI PKID instep 4001. More specifically, theLPA 320 may transmit an information request message to theeUICC 330 instep 5005 afterstep 4001. The message instep 5005 may be referred to as a “Get eUICC info request message”, a “Get eUICC challenge request message”, an “authenticate server request message”, or the like. In addition, the message instep 5005 may include an identifier of the profile (a profile ID, an ICCID, or an AID) to be the target of the remote profile management in the future. Instep 5007, theeUICC 330 may retrieve CI PKID information from the profile corresponding to the profile identifier received instep 5005, or may acquire all CI PKID information supported by theeUICC 330, thereby transmitting, to theLPA 320, the corresponding CI PKID information together with the eUICC information (euiccInfo1 or euiccInfo). The message instep 5007 may be referred to as a “Get eUICC info response message”, a “Get eUICC challenge response message”, or an “authenticate server response message”. Thereafter, instep 5009, theLPA 320 may compare the response of theeUICC 330 received instep 5007 with the CI PKID acquired instep 4001. As a result of the comparison, if it is determined that theeUICC 330 does not support the CI PKID acquired instep 4001, theLPA 320 may terminate communication. - As another example 5300, in
steps 5011 to 5015, theLPA 320 may transmit a message to theeUICC 330, thereby making a request for checking whether or not theeUICC 330 supports the CI PKID instep 4001. More specifically, theLPA 320 may transmit a checking request message to theeUICC 330 instep 5011 afterstep 4001. The message instep 5011 may be referred to as a “Get eUICC info request message”, a “Get eUICC challenge request message”, or an “authenticate server request message”. In addition, the message instep 5011 may include the CI PKID information instep 4001 for making a request for checking whether or not theeUICC 330 supports, and may further include an identifier of the profile (a profile ID, an ICCID, or an AID) to be the target of the remote profile management in the future. In this regard, instep 5013, theeUICC 330 may compare the CI PKID information instep 4001, which is received instep 5011, with a list of CI PKIDs supported by theeUICC 330, or may compare CI PKID information retrieved from the profile corresponding to the corresponding profile identifier received instep 5011 with a list of CI PKIDs supported by theeUICC 330, thereby identifying whether or not theeUICC 330 supports the corresponding CI PKID. If the eUICC does not support the corresponding CI PKID, theeUICC 330 may transmit a specific error code in reply, and may terminate communication. Instep 5015, theeUICC 330 may transmit, to theLPA 320, a checking response message including at least one of information on whether or not the corresponding CI PKID is supported, the corresponding CI PKID information, eUICC information (euiccInfo1 or euiccInfo), and an eUICC random challenge. The message instep 5015 may be referred to as a “Get eUICC info response message”, a “Get eUICC challenge response message”, or an “authenticate server response message”. If theeUICC 330 transmits an error code indicating that the CI PKID is not supported in reply, theLPA 320 may terminate the communication. -
FIG. 6 is a diagram illustrating thestructure 600 of a terminal according to an embodiment of the disclosure. - Referring to
FIG. 6 , the terminal may include atransceiver 610, acontroller 620, and astorage unit 630. In the disclosure, the controller may be defined as a circuit, an application-specific integrated circuit, or at least one processor. In addition, although not shown explicitly inFIG. 6 , the terminal may further include an eUICC, and the eUICC may be inserted into or embedded in the terminal. - The
transceiver 610 may transmit and receive signals to and from other network entities. For example, thetransceiver 610 may transmit, to the profile management server, digital certificate issuer information trusted by the terminal and a random character string (nonce or random challenge) that the profile management server (SM-DP+) uses when producing a signature for self-authentication, or may receive, from the profile management server, a signature of the profile management server, one or more digital certificates to be used to verify the signature of the profile management server, and a random character string that the eUICC in the terminal uses when producing a signature for self-authentication. - In addition, the
transceiver 610 may transmit a signature of the eUICC and one or more digital certificates to be used to verify the signature of the eUICC. In addition, thetransceiver 610 may further transmit information on the operation type that the terminal intends to perform to the profile management server, or may receive some or all of information on an operation to be performed by the terminal from the profile management server. However, thetransceiver 610 may selectively transmit information on the operation type that the terminal intends to perform. - The
controller 620 may control the overall operation of the terminal according to the embodiment proposed by the disclosure. For example, thecontroller 620 may control signal flow between blocks so as to perform the operations according to the flowcharts described above. - More specifically, the
controller 620 may identify digital certificate issuer information to be trusted by the terminal with reference to the eUICC in the terminal, may verify the validity of a digital certificate and digital certificate issuer information transmitted by the profile management server, may identify a signature of the profile management server, and may produce a signature of the eUICC. In addition, thecontroller 620 may perform an operation of installing or managing a profile according to the information received from the profile management server. - In addition, the
controller 620 may control the operation of the transceiver or the storage unit. - The
storage unit 630 may store at least one piece of information transmitted and received through thetransceiver 610 and information produced through thecontroller 620. - In addition, the terminal of the disclosure may further include an input unit for receiving digital certificate issuer information to be trusted by the terminal. However, in the case where the input unit is not provided, the terminal may receive the digital certificate issuer information from a server or a network, may refer to information pre-stored in the terminal, or may receive the digital certificate issuer information from a third-party software in the terminal. In the case of receiving the digital certificate issuer information from the third-party software, the third-party software may pre-store digital certificate issuer information to be trusted by the terminal, or may receive the same from a server or a network.
-
FIG. 7 is a diagram illustrating thestructure 700 of a server according to an embodiment of the disclosure. - Referring to
FIG. 7 , the server may include atransceiver 710, acontroller 720, and astorage unit 730. In the disclosure, the controller may be defined as a circuit, an application-specific integrated circuit, or at least one processor. - The
transceiver 710 may transmit and receive signals to and from other network entities. For example, thetransceiver 710 may receive, from a terminal, digital certificate issuer information trusted by the terminal and a random character string (nonce or random challenge) that the profile management server uses when producing a signature for self-authentication. - In addition, the
transceiver 710 may transmit, to the terminal, a signature of the profile management server, one or more digital certificates to be used to verify the signature of the profile management server, and a random character string that the eUICC in the terminal uses when producing a signature for self-authentication, and may receive a signature of the eUICC and one or more digital certificates to be used to verify the signature of the eUICC. In addition, thetransceiver 710 may further receive information on the operation type that the terminal intends to perform from the terminal. However, the information on the operation type that the terminal intends to perform may be selectively transmitted. - In addition, the
transceiver 710 may transmit, to the terminal, some of all of information on the operation to be performed by the terminal. - The
controller 720 may control the overall operation of the terminal according to the embodiment proposed by the disclosure. For example, thecontroller 720 may control a signal flow between blocks so as to perform the operations according to the flowcharts described above. - More specifically, the
controller 720 may verify whether or not digital certificate issuer information trusted by the terminal is valid, may determine whether or not the server is also able to trust the digital certificate issuer trusted by the terminal, may select a digital certificate corresponding to digital certificate issuer information trusted by the terminal, and may produce a signature of the profile management server. - In addition, the
controller 720 may verify the validity of a digital certificate transmitted by the terminal, may identify a signature of the eUICC, and may determine the operation type to be performed by the terminal. - In addition, the
controller 720 may control the operation of the transceiver or the storage unit. - The
storage unit 730 may store at least one piece of information transmitted and received through thetransceiver 710 and information produced through thecontroller 720. - In the above-described detailed embodiments of the disclosure, a component included in the disclosure is expressed in the singular or the plural according to a presented detailed embodiment. However, the singular form or plural form is selected for convenience of description suitable for the presented situation, and various embodiments of the disclosure are not limited to a single element or multiple elements thereof. Further, either multiple elements expressed in the description may be configured into a single element or a single element in the description may be configured into multiple elements.
- Although the embodiment has been described in the detailed description of the disclosure, the disclosure may be modified in various forms without departing from the scope of the disclosure. Therefore, the scope of the disclosure should not be defined as being limited to the embodiments, but should be defined by the appended claims and equivalents thereof.
Claims (15)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2017-0084794 | 2017-07-04 | ||
KR1020170084794A KR102382851B1 (en) | 2017-07-04 | 2017-07-04 | Apparatus and methods for esim device and server to negociate digital certificates |
PCT/KR2018/007244 WO2019009557A1 (en) | 2017-07-04 | 2018-06-26 | Method and apparatus for discussing digital certificate by esim terminal and server |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2018/007244 A-371-Of-International WO2019009557A1 (en) | 2017-07-04 | 2018-06-26 | Method and apparatus for discussing digital certificate by esim terminal and server |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/529,830 Continuation US11943615B2 (en) | 2017-07-04 | 2021-11-18 | Method and apparatus for discussing digital certificate by ESIM terminal and server |
Publications (2)
Publication Number | Publication Date |
---|---|
US20210144551A1 true US20210144551A1 (en) | 2021-05-13 |
US11184769B2 US11184769B2 (en) | 2021-11-23 |
Family
ID=64951119
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/622,009 Active 2038-11-14 US11184769B2 (en) | 2017-07-04 | 2018-06-26 | Method and apparatus for discussing digital certificate by ESIM terminal and server |
US17/529,830 Active US11943615B2 (en) | 2017-07-04 | 2021-11-18 | Method and apparatus for discussing digital certificate by ESIM terminal and server |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/529,830 Active US11943615B2 (en) | 2017-07-04 | 2021-11-18 | Method and apparatus for discussing digital certificate by ESIM terminal and server |
Country Status (5)
Country | Link |
---|---|
US (2) | US11184769B2 (en) |
EP (1) | EP3605995A4 (en) |
KR (1) | KR102382851B1 (en) |
CN (2) | CN116248370A (en) |
WO (1) | WO2019009557A1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200314639A1 (en) * | 2017-12-19 | 2020-10-01 | Huawei Technologies Co., Ltd. | Profile management method, embedded universal integrated circuit card, and terminal |
US20210037007A1 (en) * | 2018-04-06 | 2021-02-04 | Samsung Electronics Co., Ltd. | Method and device for performing onboarding |
US11792024B2 (en) * | 2019-03-29 | 2023-10-17 | Nok Nok Labs, Inc. | System and method for efficient challenge-response authentication |
US20230379148A1 (en) * | 2013-11-19 | 2023-11-23 | Network-1 Technologies, Inc. | Key Derivation for a Module Using an Embedded Universal Integrated Circuit Card |
US11831409B2 (en) | 2018-01-12 | 2023-11-28 | Nok Nok Labs, Inc. | System and method for binding verifiable claims |
US11868995B2 (en) | 2017-11-27 | 2024-01-09 | Nok Nok Labs, Inc. | Extending a secure key storage for transaction confirmation and cryptocurrency |
US11929997B2 (en) | 2013-03-22 | 2024-03-12 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
US12041039B2 (en) | 2019-02-28 | 2024-07-16 | Nok Nok Labs, Inc. | System and method for endorsing a new authenticator |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102237840B1 (en) * | 2016-12-01 | 2021-04-08 | 삼성전자 주식회사 | APPARATUS AND METHODS TO INSTALL AND MANAGE eSIM PROFILES |
US10659955B2 (en) | 2016-12-01 | 2020-05-19 | Samsung Electronics Co., Ltd. | Apparatus and method for installing and managing eSIM profiles |
KR102657876B1 (en) | 2018-09-07 | 2024-04-17 | 삼성전자주식회사 | Apparatus and methods for ssp device and server to negociate digital certificates |
KR102607207B1 (en) * | 2019-02-14 | 2023-11-29 | 삼성전자주식회사 | Method and apparatus for secondary platform bundle download using activation code |
EP3994905A1 (en) * | 2019-07-03 | 2022-05-11 | Telefonaktiebolaget LM Ericsson (publ) | Part 1 of remote sim provisioning of a subscriber entity |
CN113259096B (en) * | 2021-04-27 | 2021-11-12 | 江南信安(北京)科技有限公司 | Key online negotiation method and system suitable for communication environment of Internet of things |
Family Cites Families (40)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6304974B1 (en) * | 1998-11-06 | 2001-10-16 | Oracle Corporation | Method and apparatus for managing trusted certificates |
DK1476980T3 (en) * | 2002-02-22 | 2017-11-13 | Nokia Technologies Oy | DIGITAL CERTIFICATE REQUEST |
SE0202450D0 (en) * | 2002-08-15 | 2002-08-15 | Ericsson Telefon Ab L M | Non-repudiation of digital content |
JP4039277B2 (en) | 2003-03-06 | 2008-01-30 | ソニー株式会社 | RADIO COMMUNICATION SYSTEM, TERMINAL, PROCESSING METHOD IN THE TERMINAL, AND PROGRAM FOR CAUSING TERMINAL TO EXECUTE THE METHOD |
KR100704675B1 (en) * | 2005-03-09 | 2007-04-06 | 한국전자통신연구원 | authentication method and key generating method in wireless portable internet system |
US8412927B2 (en) | 2006-06-07 | 2013-04-02 | Red Hat, Inc. | Profile framework for token processing system |
US20080003980A1 (en) * | 2006-06-30 | 2008-01-03 | Motorola, Inc. | Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof |
US8806565B2 (en) * | 2007-09-12 | 2014-08-12 | Microsoft Corporation | Secure network location awareness |
KR101084938B1 (en) | 2007-10-05 | 2011-11-18 | 인터디지탈 테크날러지 코포레이션 | Techniques for secure channelization between uicc and a terminal |
EP2332091A1 (en) * | 2008-07-28 | 2011-06-15 | Wisekey SA | Method and means for digital authentication of valuable goods |
FR2936391B1 (en) * | 2008-09-19 | 2010-12-17 | Oberthur Technologies | METHOD OF EXCHANGING DATA, SUCH AS CRYPTOGRAPHIC KEYS, BETWEEN A COMPUTER SYSTEM AND AN ELECTRONIC ENTITY, SUCH AS A MICROCIRCUIT CARD |
CN101631113B (en) * | 2009-08-19 | 2011-04-06 | 西安西电捷通无线网络通信股份有限公司 | Security access control method of wired LAN and system thereof |
KR101111381B1 (en) * | 2009-11-17 | 2012-02-24 | 최운호 | User identification system, apparatus, smart card and method for ubiquitous identity management |
US8516269B1 (en) * | 2010-07-28 | 2013-08-20 | Sandia Corporation | Hardware device to physical structure binding and authentication |
JP4970585B2 (en) * | 2010-11-10 | 2012-07-11 | 株式会社東芝 | Service providing system and unit device |
EP2461613A1 (en) * | 2010-12-06 | 2012-06-06 | Gemalto SA | Methods and system for handling UICC data |
US8621168B2 (en) * | 2010-12-17 | 2013-12-31 | Google Inc. | Partitioning the namespace of a contactless smart card |
US8494485B1 (en) | 2010-12-22 | 2013-07-23 | Mobile Iron, Inc. | Management of certificates for mobile devices |
US9009475B2 (en) | 2011-04-05 | 2015-04-14 | Apple Inc. | Apparatus and methods for storing electronic access clients |
CN102272743A (en) * | 2011-05-09 | 2011-12-07 | 华为终端有限公司 | Management method for information of universal integrated circuit card and device thereof |
KR101954450B1 (en) | 2011-09-05 | 2019-05-31 | 주식회사 케이티 | Method for Verification of Embedded UICC using eUICC Certificate, Method for Provisioning and MNO Switching, eUICC, MNO System and recording medium for the same |
CN102752375B (en) * | 2012-06-21 | 2015-10-28 | 惠州Tcl移动通信有限公司 | Realize the remote-operated method and system of smart card |
US20140082358A1 (en) * | 2012-09-17 | 2014-03-20 | General Instrument Corporation | Efficient key generator for distribution of sensitive material from mulitple application service providers to a secure element such as a universal integrated circuit card (uicc) |
US20140365781A1 (en) * | 2013-06-07 | 2014-12-11 | Technische Universitaet Darmstadt | Receiving a Delegated Token, Issuing a Delegated Token, Authenticating a Delegated User, and Issuing a User-Specific Token for a Resource |
CN106851628B (en) | 2013-12-05 | 2020-08-07 | 华为终端有限公司 | Method and device for downloading files of operator |
FR3014629B1 (en) * | 2013-12-06 | 2017-03-31 | Oberthur Technologies | METHODS FOR UPDATING A CACHED MEMORY OF A TELECOMMUNICATIONS TERMINAL |
WO2016119821A1 (en) * | 2015-01-27 | 2016-08-04 | Nokia Solutions And Networks Oy | Handling of certificates for embedded universal integrated circuit cards |
US10785645B2 (en) * | 2015-02-23 | 2020-09-22 | Apple Inc. | Techniques for dynamically supporting different authentication algorithms |
WO2016167536A1 (en) * | 2015-04-13 | 2016-10-20 | Samsung Electronics Co., Ltd. | Method and apparatus for managing a profile of a terminal in a wireless communication system |
US9883374B2 (en) * | 2015-04-21 | 2018-01-30 | Tracfone Wireless, Inc. | System and process for having wireless service value included in a SIM card |
CN106357711A (en) * | 2015-07-16 | 2017-01-25 | 成都速犀通信技术有限公司 | Cellphone data caching and synchronizing method depending on UICC (universal integrated circuit card) extension storage areas |
US9801046B2 (en) * | 2015-09-22 | 2017-10-24 | Lg Electronics Inc. | Method and apparatus for connecting with a network, by a terminal, in wireless communication |
FR3053203A1 (en) * | 2016-06-24 | 2017-12-29 | Orange | TECHNIQUE FOR DOWNLOADING A PROFILE OF ACCESS TO A NETWORK |
US10952051B2 (en) * | 2016-07-01 | 2021-03-16 | Qualcomm Incorporated | Core network connectionless small data transfer |
US9831903B1 (en) * | 2016-07-28 | 2017-11-28 | Apple Inc. | Update of a trusted name list |
CN108702617B (en) * | 2017-02-10 | 2021-01-12 | 华为技术有限公司 | Method, related equipment and system for updating public key of certificate issuer |
CN108667780B (en) * | 2017-03-31 | 2021-05-14 | 华为技术有限公司 | Identity authentication method, system, server and terminal |
US11533160B2 (en) * | 2017-04-05 | 2022-12-20 | Apple Inc. | Embedded universal integrated circuit card (eUICC) profile content management |
US10985926B2 (en) * | 2017-09-01 | 2021-04-20 | Apple Inc. | Managing embedded universal integrated circuit card (eUICC) provisioning with multiple certificate issuers (CIs) |
JP6967211B1 (en) * | 2021-07-22 | 2021-11-17 | 直樹 柴田 | Fully decentralized blockchain system and computer program for trading crypto assets that prevents illegal transactions while also allowing anonymous users to participate |
-
2017
- 2017-07-04 KR KR1020170084794A patent/KR102382851B1/en active IP Right Grant
-
2018
- 2018-06-26 WO PCT/KR2018/007244 patent/WO2019009557A1/en unknown
- 2018-06-26 CN CN202310109682.9A patent/CN116248370A/en active Pending
- 2018-06-26 US US16/622,009 patent/US11184769B2/en active Active
- 2018-06-26 EP EP18828873.2A patent/EP3605995A4/en active Pending
- 2018-06-26 CN CN201880045001.4A patent/CN110870281B/en active Active
-
2021
- 2021-11-18 US US17/529,830 patent/US11943615B2/en active Active
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11929997B2 (en) | 2013-03-22 | 2024-03-12 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
US20230379148A1 (en) * | 2013-11-19 | 2023-11-23 | Network-1 Technologies, Inc. | Key Derivation for a Module Using an Embedded Universal Integrated Circuit Card |
US11868995B2 (en) | 2017-11-27 | 2024-01-09 | Nok Nok Labs, Inc. | Extending a secure key storage for transaction confirmation and cryptocurrency |
US20200314639A1 (en) * | 2017-12-19 | 2020-10-01 | Huawei Technologies Co., Ltd. | Profile management method, embedded universal integrated circuit card, and terminal |
US11516672B2 (en) * | 2017-12-19 | 2022-11-29 | Huawei Technologies Co., Ltd. | Profile management method, embedded universal integrated circuit card, and terminal |
US20230037497A1 (en) * | 2017-12-19 | 2023-02-09 | Huawei Technologies Co., Ltd. | Profile Management Method, Embedded Universal Integrated Circuit Card, and Terminal |
US12041456B2 (en) * | 2017-12-19 | 2024-07-16 | Huawei Technologies Co., Ltd. | Profile management method, embedded universal integrated circuit card, and terminal |
US11831409B2 (en) | 2018-01-12 | 2023-11-28 | Nok Nok Labs, Inc. | System and method for binding verifiable claims |
US20210037007A1 (en) * | 2018-04-06 | 2021-02-04 | Samsung Electronics Co., Ltd. | Method and device for performing onboarding |
US12095756B2 (en) * | 2018-04-06 | 2024-09-17 | Samsung Electronics Co., Ltd | Method and device for performing onboarding |
US12041039B2 (en) | 2019-02-28 | 2024-07-16 | Nok Nok Labs, Inc. | System and method for endorsing a new authenticator |
US11792024B2 (en) * | 2019-03-29 | 2023-10-17 | Nok Nok Labs, Inc. | System and method for efficient challenge-response authentication |
Also Published As
Publication number | Publication date |
---|---|
US20220078616A1 (en) | 2022-03-10 |
EP3605995A1 (en) | 2020-02-05 |
KR102382851B1 (en) | 2022-04-05 |
CN116248370A (en) | 2023-06-09 |
US11184769B2 (en) | 2021-11-23 |
US11943615B2 (en) | 2024-03-26 |
KR20190004499A (en) | 2019-01-14 |
CN110870281B (en) | 2023-05-26 |
WO2019009557A1 (en) | 2019-01-10 |
CN110870281A (en) | 2020-03-06 |
EP3605995A4 (en) | 2020-04-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11943615B2 (en) | Method and apparatus for discussing digital certificate by ESIM terminal and server | |
CN108028758B (en) | Method and apparatus for downloading profiles in a communication system | |
US10666660B2 (en) | Method and apparatus for providing profile | |
US11496883B2 (en) | Apparatus and method for access control on eSIM | |
KR102398276B1 (en) | Method and apparatus for downloading and installing a profile | |
US11589212B2 (en) | Method and apparatus for managing event in communication system | |
US11889586B2 (en) | Method and apparatus for negotiating EUICC version | |
US11991780B2 (en) | Method, apparatus, and system for authorizing remote profile management | |
CN112567772B (en) | Method, apparatus and system for authorizing remote profile management | |
US11792640B2 (en) | Method and device for managing eUICC profile installation rights |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LEE, HYEWON;LEE, DUCKEY;KANG, SUJUNG;AND OTHERS;REEL/FRAME:051330/0544 Effective date: 20191028 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: AWAITING TC RESP, ISSUE FEE PAYMENT VERIFIED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |